A support document from Apple said users running outdated iOS are at risk from web-based attacks that use exploit kits called Coruna and DarkSword, and that devices on current software were not affected.
KEY FACTS
- Incident Web-based exploit kits Coruna and DarkSword target outdated iOS
- Attack vector Malicious or compromised websites deliver the kits via watering hole attacks
- Affected software Older iOS versions are vulnerable while iOS 15 through 26 include fixes
- Mitigation Install listed security updates or enable Lockdown Mode when updates are not possible
The attacks use malicious web content to trigger an infection chain that can lead to theft of sensitive data. Compromised sites and malicious links are the delivery method.
Fixes are included in recent iOS releases. For older devices that cannot move to the newest system, updates such as iOS 15.8.7 and iOS 16.7.15 are available.
When updates are not possible, enabling Lockdown Mode can reduce the attack surface and limit exposure to malicious web content.
Devices running the latest versions were not at risk from the reported attacks. The disclosure does not quantify how many devices were affected.
WHY IT MATTERS
Unpatched iPhones that visit compromised websites may have sensitive data stolen. Installing the listed security updates or using Lockdown Mode reduces the risk to users and enterprises.