Apple Issues Urgent Lock Screen Warnings as Active Exploits Target iPhones and iPads

Apple has issued urgent lock screen warnings for unpatched iPhones and iPads, alerting users to two active web-based exploit campaigns currently in the wild. The warnings target two distinct attack chains: “Coruna,” which targets iOS versions 13.0 through 17.2.1, and “DarkSword,” aimed at the more recent iOS 18.4 through 18.7 range.

Both exploits can steal sensitive data through malicious links or compromised websites, requiring no user interaction beyond visiting a crafted page. Apple is taking the unusual step of using lock screen notifications to reach users who may not have automatic updates enabled, signaling the severity of the threat.

Source: Security Affairs

Why This Matters

Lock screen warnings are a rare and aggressive move from Apple, which typically relies on silent background updates. The fact that two separate exploit chains are active simultaneously — one targeting legacy devices and one targeting current firmware — suggests a coordinated or at least opportunistic campaign exploiting the patch gap. If you’re running anything below iOS 18.8, update now. The web-based attack vector means no app install or sideloading is needed — just a bad link.