Apple Warns Users of Exploit Kits Targeting Older iOS Versions
AI-generated from multiple sources. Verify before acting on this reporting.
SAN FRANCISCO — Apple issued urgent Lock Screen alerts on Thursday to users of outdated iPhones, warning that active web-based exploit kits are targeting devices running iOS versions 13.0 through 18.7.
The alerts, which appeared on devices globally, were triggered after the company identified that the Coruna and DarkSword exploit kits were actively scanning for and attempting to compromise older iOS systems. The message urged users to update their operating systems immediately to protect against potential security breaches.
The discovery marks a significant escalation in the targeting of legacy Apple devices. While Apple has long supported older hardware with security patches, the specific targeting of versions spanning from 2019 to late 2025 indicates a coordinated effort by threat actors to exploit known vulnerabilities in unpatched systems. The Coruna and DarkSword kits are known for their ability to deliver malware through malicious websites, often requiring no user interaction beyond visiting a compromised page.
Apple’s decision to bypass standard notification channels and utilize the Lock Screen interface underscores the severity of the threat. The alert appeared on the device’s lock screen, requiring user acknowledgment before the phone could be unlocked. This method ensures that users are immediately aware of the risk, even if they have not yet opened their devices.
The company did not specify the origin of the exploit kits or the identity of the actors behind the campaign. However, security researchers have noted that both Coruna and DarkSword have been associated with state-sponsored groups and criminal organizations in the past. The kits are capable of installing surveillance software, stealing sensitive data, and gaining remote access to compromised devices.
Apple’s warning comes as the tech giant continues to phase out support for older devices. iOS 18.7, the upper limit of the affected versions, was released in late 2025. Users who have not updated their devices since then are now at heightened risk. The company has stated that updating to the latest iOS version is the only way to mitigate the threat posed by these exploit kits.
The alerts were sent to millions of users worldwide, including those in regions where older devices remain common. In some cases, users reported confusion over the sudden appearance of the alert, with some mistaking it for a system error or a scam. Apple has since clarified that the message is legitimate and part of its ongoing efforts to protect user security.
It remains unclear how many devices have been successfully compromised by the exploit kits. Apple has not released data on the number of infections or the extent of the campaign. The company is continuing to monitor the situation and has promised to provide further updates as more information becomes available.
Security experts are advising users to check their iOS version immediately and update if necessary. Those unable to update due to hardware limitations are urged to avoid visiting untrusted websites and to exercise caution when clicking on links from unknown sources. The incident highlights the ongoing risks associated with using outdated technology in an increasingly connected world.