
Apple urges iPhone owners to update iOS after DarkSword and Coruna exploit kits are detailed

Researchers link tools to Russian intelligence and Chinese crypto theft; security posture still depends on who delays patches


Apple on Tuesday urged iPhone owners to install the latest software updates after researchers detailed two exploit kits—DarkSword and Coruna—that can take over devices running older versions of iOS, according to NBC News. The tools, documented this month by Google and security firms iVerify and Lookout, enable remote access deep enough to pull Wi‑Fi passwords, messages, call logs, location history, browser data and even health and calendar databases, iVerify said. Apple says iOS 26, released in September, blocks both campaigns, and it pushed an unusual “special update” last week for older iPhones that cannot fully upgrade to iOS 26.

The campaigns described by the researchers rely on “watering hole” attacks: compromised or purpose-built websites that silently deliver an exploit chain when a vulnerable phone visits. That matters because it shifts the burden of defense away from user behavior—there is no suspicious attachment to avoid—and toward patch discipline and device replacement cycles. John Scott-Railton of the University of Toronto’s Citizen Lab told NBC News that “the barrier to entry for widespread, devastating mobile attacks has been decisively lowered,” warning that ordinary users cannot easily detect compromise.

The reporting also sketches how offensive tooling spreads once it exists. Coruna, Google said, was used last summer by hackers linked to Russian intelligence to target Ukrainians. Its origin story runs through the private market: Peter Williams, a former cyber executive at defense contractor L3Harris, pleaded guilty last year to selling his company’s hacking tools—including Coruna—to a Russian broker, NBC News reports. By December, Google said Chinese cybercriminals had obtained the same tool and built a “very large set of fake Chinese websites” aimed at cryptocurrency theft. The victims cited by researchers span geopolitics and commerce: Ukrainians, Chinese crypto users, and people in Saudi Arabia, Turkey and Malaysia.

Apple’s public posture is familiar—update now—and it is also a business model. A security promise that depends on rapid adoption of the newest software implicitly penalizes anyone who delays updates, runs older devices, or works in environments where patching is slow because downtime is costly. Enterprises often test updates before deployment; consumers often postpone them; and older handsets eventually fall off the main upgrade track. Apple’s stopgap update for non‑upgradeable phones is a tacit admission that a large installed base sits outside the “latest iOS” perimeter.

None of the researchers reported evidence of Americans being targeted in these specific campaigns, NBC News notes. But the same exploit chains, once circulating, do not respect borders or brand narratives.

Apple’s spokesperson summed up the fix in one sentence: “Keeping software up to date remains the single most important thing users can do.” The exploit kits described this month work only when people do not.