- Apple is sending critical Lock Screen notifications to iPhones and iPads on outdated software, urging immediate updates.
- New Coruna and DarkSword exploit kits are actively targeting specific iOS versions, enabling web-based spyware attacks.
- The leak of advanced hacking tools risks democratizing powerful exploits previously used mostly by nation-state actors.
- Enabling Lockdown Mode is a recommended protective measure for devices that cannot update to a supported version.
On March 27, 2026, Apple began sending targeted Lock Screen alerts to users with older iPhones and iPads as first reported, warning them of active web-based security attacks. The notifications explicitly state, “Apple is aware of attacks targeting out-of-date iOS software, including the version on your iPhone. Install this critical update to protect your iPhone.”
This urgent action followed Apple’s recent support document urging updates after the discovery of new iOS exploit kits. Multiple threat actors are leveraging Coruna and DarkSword kits to deliver malware when users visit compromised websites.
However, concerns have been raised that these kits could become mass-exploitation tools, democratizing access to sophisticated spyware. Consequently, this significantly expands the potential attack surface against Apple devices.
Meanwhile, Kaspersky research found the Coruna kit is an evolved version of the framework from the 2023 Operation Triangulation campaign. The cybersecurity firm noted, “Coruna is not a patchwork of public exploits; it is a continuously maintained evolution of the original Operation Triangulation framework.”
For users unable to install the latest software, enabling Lockdown Mode is advised to block malicious web content. Apple confirmed in a statement to TechCrunch, “We are not aware of any successful mercenary spyware attacks against a Lockdown Mode-enabled Apple device.”
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
