Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks

Photo: The Hacker News
Older iPhone models are exposed to attacks using the Coruna and DarkSword exploit kits, according to an Apple warning. The security vulnerability allows attackers direct access to devices and potentially to user data. The problem primarily affects older iPhone generations that do not receive regular security updates. Coruna and DarkSword exploit kits are advanced tools used by cybercriminals to bypass iOS system protection. Apple recommends immediate software updates for all users of older models. The manufacturer simultaneously emphasizes the importance of implementing Zero Trust Network Access (ZTNA) solutions, which restrict lateral traffic in networks and connect users directly to applications, minimizing the risk of unauthorized access. For ordinary users, this means the need to immediately check for available system updates. People using iPhones that are four years old should pay particular attention to security — older devices may no longer receive patches from Apple.
Apple has issued a warning that should concern millions of users of older iPhones worldwide. The company warns that devices running outdated iOS versions are exposed to advanced attacks using exploit kits such as Coruna and DarkSword. This is not a typical security warning — it is a call for immediate action for anyone who thinks their old iPhone still serves its purpose. The attacks use malicious web content to infect devices and steal sensitive personal data, financial information, and access credentials.
The problem has a much broader scope than it might seem. Millions of users worldwide, including many Poles, deliberately do not update their phones — either because older models run slower after installing new system versions, or because they don't want to lose jailbreak, or simply because they forgot about it. Meanwhile, cybercriminals are well aware of this weakness and actively exploit it. Exploit kits such as Coruna and DarkSword are advanced tools that can automatically scan for vulnerabilities in browsers and operating systems, and then exploit them without any user involvement.
What is particularly concerning is that the attacks work through regular internet browsing. You don't have to click on a suspicious link, you don't have to download anything suspicious. All you need to do is visit an infected website, and your device can be attacked. This changes the entire dynamics of mobile security and shows why Apple is pushing for rapid system updates.
Coruna and DarkSword — how advanced exploit kits work
To understand the scale of the threat, it's worth taking a closer look at how these tools function. Exploit kits are automated platforms that allow even inexperienced attackers to conduct advanced cyberattacks. Coruna and DarkSword belong to the newest generation of such tools — they are advanced, flexible, and difficult to detect.
They work in a simple but effective way. First, the attacker hosts a malicious website or infects an existing website with JavaScript code. When a user with an outdated iOS visits this site, the script automatically checks what version of the system the device has and what vulnerabilities might be available. This happens in the background, without the user's knowledge. The exploit kit then selects the appropriate security hole for the given system and attempts to exploit it.
If the attack succeeds — and in the case of older, unpatched systems, the success rate is very high — an infection chain follows. The phone downloads malicious software that installs itself in the system with high privileges. At this point, the attacker has access to everything: banking data, passwords saved in the browser, messages, photos, location. Everything.
Importantly, the user may notice nothing suspicious. The phone may work normally, and the malicious software operates in the background. Some advanced variants even hide themselves from system security monitoring tools. This is what makes these attacks so dangerous — they are invisible to the average user.
Why older iPhones are so vulnerable
The question everyone asks themselves: why exactly older models? The answer is simple — each new iOS version contains fixes for vulnerabilities discovered in previous versions. Apple regularly publishes so-called security patches. When you don't update your system, you remain with holes that are already known to cybercriminals and have been published in publicly available databases.
Additionally, older iPhone models — such as iPhone 6S or iPhone 7 — may not receive the latest iOS versions at all. Apple typically supports devices from the last 5-6 years with updates, but this means that phones older than that simply go without security support. If you own an iPhone from 2014, you will no longer receive any updates, and that means every discovered hole will remain open forever.
Attackers know this perfectly. Exploit kits such as Coruna are programmed to test exactly these known, older vulnerabilities. It's as if a burglar was checking every house on a street looking for locks he already knows are faulty. The chance of success is astronomical.
It's also worth noting that older iPhones may have performance issues after installing new iOS versions. Many users deliberately don't update because the new system makes their phone run significantly slower. This is a dilemma in which security loses to practicality — the user chooses a phone that works instead of a phone that is secure. Apple unfortunately has not solved this problem satisfactorily.
Infection chain — from click to data theft
Let's take a closer look at what happens when an exploit kit attacks a device. The process is planned and automatic, but it's worth understanding to realize the seriousness of the threat.
It all starts with a visit to an infected website. This could be a news portal, forum, music or movie site — anything. The user doesn't know the site is infected. Their iPhone downloads the page, and with it JavaScript containing exploit code. At this point, the exploit kit scans the device, checking the iOS version and installed applications. This takes only a few seconds.
Next, the kit selects the appropriate security hole. If the device has iOS 13 and hasn't been updated for a year, the exploit kit knows exactly which vulnerabilities are available. It tries to exploit them until one succeeds. Usually this takes less than a minute. The user during this time may be reading an article on the site, completely unaware that their phone is being attacked.
When a hole is successfully exploited, malicious software is downloaded. This could be spyware, a keylogger, a banking trojan, or simply a universal data theft tool. The software installs itself with high privileges, meaning it has access to everything. It can read SMS messages, intercept calls, monitor messages in communication apps, access photos, location, and even turn on the camera and microphone.
Attackers usually transmit sensitive data immediately to servers in infrastructure they control. The data can be sold on the black market, used for identity theft, credit fraud, or extortion. All of this happens within minutes, and the user has no idea that their digital life has been compromised.
Polish threat — how big is the problem in Poland
In Poland, the situation is particularly concerning. Research shows that a significant portion of Polish mobile device users do not regularly update their devices. The reasons are varied — lack of awareness, reluctance to change the interface, concerns about performance, but also simply forgetting.
Additionally, the Polish cybercriminal community is well-organized and actively trades access to infected devices. Data stolen from Polish iPhones ends up on dark web forums, where it is sold to other cybercriminals. Poland is a particularly attractive target because users have access to bank accounts with large amounts, and Polish banks have traditionally been less advanced in implementing advanced security systems.
Importantly, traditional Polish media do a poor job of informing the public about cybersecurity threats. Most users in Poland don't know that their iPhone can be attacked just by browsing the internet. They think it's enough not to click on suspicious links and they're safe. This false sense of security makes Polish users particularly vulnerable.
Apple's recommendations — are they sufficient
Apple recommends that users immediately update to the latest available iOS version. This is obvious advice, but it turns out to be difficult for many people to follow. First, not everyone knows how to update the system. Second, updating requires an internet connection and can take many minutes. Third, some users fear that the new system will run slower on their old phone.
Apple could do more. For example, it could automatically install critical security patches without asking the user, similar to how Microsoft does it with Windows. It could also optimize new iOS versions to run faster on older devices. It could introduce a notification system that would be more aggressive and intrusive for users who don't update their system.
Meanwhile, Apple is going in a different direction — encouraging users to buy new devices. New iPhones are always more secure because they have the latest hardware and the latest system. This is obviously good for Apple's business, but it's not good for user security. Apple should push harder for older devices to remain secure for longer.
Alternative layers of protection — what can the user do
If you can't immediately update your iPhone, there are additional steps you can take to increase security. None of them will replace an update, but they can reduce the risk of attack.
First, install an adblocker in your Safari browser. Exploit kits often work through malicious ads. An adblocker can block many of them. Second, avoid websites that look suspicious — sites with lots of ads, sites with low SEO ranking, sites that ask you to install applications. Third, consider using a VPN, which can encrypt your internet traffic and hide your location.
Fourth, regularly check what apps have access to your data. Go to Settings > Privacy and review the permissions of each app. If an app shouldn't have access to your camera, microphone, or location, deny access. Fifth, enable two-factor authentication on all your important accounts — Apple ID, email, bank accounts. This will make it harder for attackers to access your accounts even if they steal your password.
Sixth, be cautious with SMS and email messages that ask you to click a link. Attackers often use phishing to infect devices. If you receive a message from your bank asking you to click a link, always verify that the message is authentic by logging directly into the bank's website instead of clicking the link.
The future of mobile security — what must change
The current situation is unsustainable. Millions of users worldwide are exposed to attacks, and device manufacturers are not doing enough to protect them. Something must change.
First, manufacturers like Apple should support their devices with security for longer. Five years is insufficient. It should be ten years or even more. A user who buys an expensive iPhone should have the guarantee that it will be secure for at least ten years, even if the phone runs slower.
Second, it should be mandatory for manufacturers to inform users in a clear and understandable way when a device stops receiving security support. Many people simply don't know that their phone no longer receives updates.
Third, regulators should introduce regulations that force manufacturers to support security for longer. The European Union already has regulations on the right to repair — there should also be regulations on the right to security.
In the meantime, if you have an older iPhone, don't wait. Update it today. It will take you a few minutes, and it could save your data, your identity, and your money. Coruna and DarkSword are real threats, and attackers are already active. Security is not optional — it is a necessity.

