Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword.
These attacks employ malicious web content to target out-of-date versions of iOS, triggering an infection chain that leads to the theft of sensitive data.
"For example, if you're using an older version of iOS and were to click a malicious link or visit a compromised website, the data on your iPhone might be at risk of being stolen," Apple said in a support document.
"We thoroughly investigated these issues as they were found and released software updates as quickly as possible for the most recent operating system versions to address vulnerabilities and disrupt such attacks."
Users who are already on the latest version of the iPhone software do not need to take any action. This includes iOS versions 15 through 26, which come with fixes for the various security flaws weaponized by the exploit kits. For others, Apple is recommending the following course of action -
- Update to iOS 15.8.7, iPadOS 15.8.7, iOS 16.7.15, and iPadOS 16.7.15 for older devices that cannot update to the latest version of iOS
- Update to iOS 15 for devices with iOS 13 or iOS 14 to receive the latest protections along with a Critical Security Update that's expected to be pushed in the "next few days."
- Consider enabling Lockdown Mode, if available, in scenarios where updating the device is not an option to reduce the attack surface and protect against malicious web content and other threats.
"Keeping your software up to date is the single most important thing you can do to maintain the security of your Apple products, and devices with updated software were not at risk from these reported attacks," Cupertino noted.
Apple's advisory comes in the wake of recent reports about two iOS exploits that have been put to use by multiple threat actors of varied motivations to steal sensitive data from compromised devices. These kits are delivered through a watering hole attack via compromised websites.
iVerify said the discoveries show that iOS vulnerabilities, which were once being abused to selectively target individuals in state-sponsored mobile spyware attacks, are being exploited on a mass-scale by other threat actors.
"The exploit's relative simplicity to deploy, along with its quick adoption by multiple threat actors in multiple countries, signals that these powerful tools are now readily available on the secondary market for less-sophisticated actors," Spencer Parker, chief product officer at iVerify, said, adding, "nation-state-grade mobile exploitation is now available for mass attack."
"This represents a new level of scale, making widespread mobile attacks a critical and unavoidable concern for all enterprises. The evidence confirms that these exploits are easy to repurpose and redeploy, making it highly likely that modified deployments are actively infecting unpatched users."
