Apple is actively sending lock screen alerts to users of older iPhones and iPads to warn them about active web-based attacks. These notifications urge individuals to install critical security updates immediately to protect their devices from known exploits.
Apple recently began notifying users on outdated software versions about security vulnerabilities that could allow attackers to compromise their devices through malicious websites. This move follows the discovery of exploit kits known as Coruna and DarkSword, which have been used by various threat actors to deliver malware. While Coruna affects older systems ranging from iOS 13 to 17, DarkSword is designed to target more recent versions up to iOS 18.7.
Cybersecurity researchers have identified Coruna as an advanced evolution of the framework used in Operation Triangulation, a sophisticated campaign first detected in 2023. Unlike many public exploits, this kit is a continuously maintained professional framework rather than a collection of random patches. The widespread availability of these tools suggests an active secondary market for exploits that were once the exclusive domain of state-sponsored hackers.
The proliferation of these kits has raised significant alarms within the security community because they lower the barrier for entry for cybercriminals. By making high-level exploits accessible to a broader range of attackers, these tools increase the risk of mass exploitation across the global iPhone and iPad user base. This trend effectively turns millions of older devices into a much larger and more vulnerable attack surface.
For users who cannot or will not update to the latest software, security experts recommend enabling Lockdown Mode as a secondary defense. This specialized feature, introduced by Apple in 2022, is designed to provide extreme protection against the most sophisticated digital threats by limiting certain web functionalities. It serves as a vital safeguard for those operating on hardware that may no longer support the newest operating system versions.
Apple has emphasized the effectiveness of its security measures, noting that there are no known instances of successful mercenary spyware attacks against devices with Lockdown Mode active. Despite this, the company continues to push for full software updates as the primary method of defense. Users are encouraged to check their settings immediately to ensure they are running the most recent and secure version of iOS or iPadOS available for their specific hardware.
Source: https://www.macrumors.com/2026/03/27/critical-security-alerts-sent-to-ios-17-iphones/