Apple is currently sending lock screen notifications to iPhones and iPads running older versions of iOS and iPadOS to warn users about web-based attacks and prompt them to install updates.
This development was first reported by MacRumors.
“Apple is aware of an attack targeting older iOS software, including the version on your iPhone. To protect your iPhone, install this important update,” reads a notice issued by Apple.
The development comes a week after Apple released a support document asking users running older versions of iOS and iPadOS to update their devices following the discovery of new iOS exploit kits such as Coruna and DarkSword.
Over the past year, we have seen multiple attackers with varying motivations utilize these kits to deliver malicious payloads to unsuspecting users when they visit compromised websites. Coruna targets iOS versions 13.0 to 17.2.1, while DarkSword is designed to target iPhones running iOS versions 18.4 to 18.7.
A new report released by Kaspersky Lab this week found that the Coruna exploit kit is an evolution of the framework used in Operation Triangulation, a sophisticated campaign that targeted iPhones via a zero-click iMessage exploit. It was first discovered in June 2023.
“Coruna is not a patchwork of public exploits; it is a continual maintenance and evolution of the original Operation Triangulation framework,” the Russian cybersecurity vendor said.
It is currently unclear how the two kits ended up in the hands of multiple threat actors and cybercriminals, but recent research raises the possibility that there is an active market for second-hand zero-day exploits.
The emergence of these kits, coupled with the leak of a new version of DarkSword, has raised concerns that they could democratize access to exploits previously limited to nation-states, potentially turning them into large-scale exploitation tools. In the process, they risk turning iPhones and iPads into a larger attack surface than they currently are.
We recommend that users who are unable to update to a supported version consider enabling lockdown mode, if available, to protect against malicious web content. Lockdown mode was introduced in 2022 and is available on devices running iOS version 16 or later.
In a statement shared with TechCrunch, Apple said, “We have not heard of any successful mercenary spyware attacks against Apple devices with Lockdown Mode enabled.”
Source link
