Apple is now sending lock screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users about web-based attacks and urge them to install updates.
The development was first reported by MacRumors.
The notification reads, “Apple is aware of attacks targeting older iOS software, including the version of your iPhone. Install this important update to protect your iPhone.”
The development comes a week after Apple released a support document asking users running older versions of iOS and iPadOS to update their devices following the discovery of new iOS exploit kits like Coruna and DarkSword.
Over the past year, a number of threat actors with various motivations have been found leveraging these kits to deliver malicious payloads when unsuspecting users visit a compromised website. While Coruna targets iOS versions between 13.0 and 17.2.1, DarkSword is designed to target iPhones running iOS versions between 18.4 and 18.7.
A new report from Kaspersky this week found that the Coruna exploit kit is an evolution of the framework used in Operation Triangulation, a sophisticated campaign that targets iPhones through a zero-click iMessage exploit. The campaign first appeared in June 2023.
“Coruna is not a patchwork of public exploits; it is a continuously maintained evolution of the basic Operation Triangulation framework,” the Russian cybersecurity vendor said.
It is not currently known how the two kits ended up in the hands of so many threat actors and cybercriminals, but recent research has raised the possibility of an active market for second-hand zero-day exploits.
The emergence of these kits, along with the leak of a new version of DarkSword, has raised concerns that they could democratize access to exploits previously reserved for nation-states, potentially turning them into tools for mass exploitation. In the process, they risk turning iPhones and iPads into a larger attack surface than they currently are.
Users who are unable to update to a supported version are advised to consider enabling Lockdown Mode, if available, to protect against malicious web content. Lockdown Mode was introduced in 2022 and is available on devices running iOS 16 and later.
In a statement shared with TechCrunch, Apple said, “We are not aware of any successful mercenary spyware attacks against Lockdown Mode-enabled Apple devices.”