Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits
Apple Sends Urgent Lock Screen Alerts Warning of Serious Security Vulnerabilities on the Internet
Apple Issues Urgent Lock Screen Alerts Warning of Active Web-Based Exploits
TL;DR
Apple is taking the unprecedented step of sending direct Lock Screen notifications to users of outdated iPhones and iPads. The alerts warn of active web-based attacks utilizing sophisticated exploit kits named Coruna and DarkSword, urging immediate installation of security updates or the activation of Lockdown Mode.
Unprecedented Alerts for iOS Users
In a significant shift in its security communication strategy, Apple has begun pushing critical notifications directly to the Lock Screens of devices running outdated versions of iOS and iPadOS. First reported by MacRumors, the message clearly states the severity of the situation:
"Apple is aware of attacks targeting out-of-date iOS software, including the version on your iPhone. Install this critical update to protect your iPhone."
This move follows a support document released by Apple last week, which warned of new iOS exploit kits being leveraged by multiple threat actors to deliver malicious payloads via compromised websites.
The Threat: Coruna and DarkSword Exploit Kits
The primary drivers behind these urgent alerts are two specific exploit kits that have been observed in the wild over the past year:
- Coruna: This kit targets a wide range of older software, specifically iOS versions 13.0 through 17.2.1. Recent research from Kaspersky identifies Coruna as a direct evolution of the framework used in "Operation Triangulation," a highly sophisticated campaign first discovered in June 2023 that used zero-click iMessage exploits.
- DarkSword: A newer kit designed to target more recent (yet still outdated) software. DarkSword specifically targets devices running iOS versions 18.4 through 18.7.
According to security researchers, Coruna is not merely a collection of known exploits but a "continuously maintained evolution" of high-tier surveillance frameworks.
The Democratization of Cyberattack Tools
The emergence of these kits marks a concerning trend in the cybersecurity landscape. While high-end exploits were previously the exclusive domain of nation-state actors, the availability of kits like Coruna and DarkSword suggests an active market for "second-hand" zero-day exploits.
Experts warn that the leak and distribution of these tools could "democratize" access to sophisticated hacking capabilities, turning what were once targeted surgical strikes into mass-exploitation tools. This significantly expands the attack surface for iPhones and iPads globally.
Recommended Actions for Users
Apple and security researchers recommend the following steps to secure your device:
- Update Immediately: The most effective defense is to install the latest version of iOS or iPadOS available for your device.
- Enable Lockdown Mode: For users who are unable to update to a supported version or who belong to high-risk groups, Apple advises enabling Lockdown Mode.
  - Lockdown Mode was introduced in 2022 for devices running iOS 16 and later.
  - It provides extreme protection by limiting certain web functionalities that are often exploited.
  - Apple stated to TechCrunch that they are "not aware of any successful mercenary spyware attacks against a Lockdown Mode-enabled Apple device."
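For administrators with a device inventory, the version ranges and the Lockdown Mode requirement above can be checked mechanically. The following Python script is an added example, not code from Apple or from any source cited here. The inventory, the device names and the function names are constructed, and counting patch releases under a two-part upper bound (for example 18.7.2 under "18.7") as in range is a conservative assumption.

```python
import re

# Inclusive ranges as stated in the article; bounds keep the precision given there.
KIT_RANGES = {
    "Coruna": ((13, 0), (17, 2, 1)),
    "DarkSword": ((18, 4), (18, 7)),
}
LOCKDOWN_MIN = (16, 0, 0)  # article: Lockdown Mode needs iOS 16 or later

def parse_version(text):
    """Turn '17.2.1', 'iOS 18.5' or 'iPadOS 15.8' into a 3-tuple of ints."""
    m = re.fullmatch(r"(?:i(?:Pad)?OS\s+)?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def kits_targeting(version):
    """Names of the kits whose stated range covers this version."""
    v = parse_version(version)
    # Compare only as many components as each bound has, so 18.7.2 still
    # counts as "through 18.7" (assumption, chosen to avoid false negatives).
    return [kit for kit, (lo, hi) in KIT_RANGES.items()
            if v[:len(lo)] >= lo and v[:len(hi)] <= hi]

def triage(inventory):
    """Map each affected device to (kits, advice). A device missing from the
    result is outside the two named ranges, which does not mean it is current."""
    report = {}
    for device, version in inventory.items():
        kits = kits_targeting(version)
        if not kits:
            continue
        if parse_version(version) >= LOCKDOWN_MIN:
            advice = "update now; Lockdown Mode available if update is blocked"
        else:
            advice = "update now; Lockdown Mode unavailable before iOS 16"
        report[device] = (kits, advice)
    return report

# Constructed sample inventory (device label -> reported OS version).
SAMPLE_INVENTORY = {
    "kiosk-01": "iOS 15.8",
    "sales-ipad": "iPadOS 17.2.1",
    "exec-phone": "18.7.2",
    "lab-phone": "17.3",
}

if __name__ == "__main__":
    for device, (kits, advice) in triage(SAMPLE_INVENTORY).items():
        print(f"{device}: in range for {', '.join(kits)} -> {advice}")
```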
While the source does not specify exactly how many users have received these notifications, the proactive nature of the alerts suggests a widespread effort by Apple to mitigate the impact of these active exploits.
Source: The Hacker News


