APPLE is urging users still on an outdated iOS version to update their iPhones to defend against web-based attacks carried out by Coruna and DarkSword exploit kits. The advisory explains that malicious web content can target out-of-date iOS versions, triggering an infection chain that may lead to the theft of sensitive data, with a hypothetical scenario of clicking a malicious link or visiting a compromised site cited by Apple.
According to The Hacker News, Apple says updates for the most recent operating system versions were released quickly to address vulnerabilities and disrupt such attacks, and that users on the latest software are not at risk.
The guidance lists specific update paths for older devices, including iOS 15.8.7, iPadOS 15.8.7, iOS 16.7.15, and iPadOS 16.7.15, and notes that for devices that cannot update to the latest, updating to iOS 15 remains an option to receive protections along with a Critical Security Update expected in the next few days.
It also recommends enabling Lockdown Mode where updating is not possible, to reduce the attack surface against malicious web content. iVerify has said that the exploits are being used by multiple threat actors in various countries, highlighting a shift toward mass-scale exploitation of iOS vulnerabilities.