Apple Issues Urgent Lock‑Screen Warnings for Unpatched iPhones and iPads Amid Active Web‑Based Exploits
What Happened – Apple began displaying “Critical Software” lock‑screen alerts on iPhones and iPads running outdated iOS/iPadOS versions. The warnings cite active web‑based exploit kits (Coruna and DarkSword) that can compromise devices through malicious links or compromised websites. Apple urges immediate updates to the latest OS releases.
Why It Matters for TPRM (third‑party risk management) –
- Unpatched consumer devices can become entry points for credential theft, data exfiltration, or lateral movement into corporate networks.
- Exploit kits targeting widely deployed iOS versions increase the likelihood of supply‑chain exposure for organizations that allow BYOD or manage iOS fleets.
- Failure to remediate may violate security policies and regulatory requirements for data protection.
Who Is Affected – Consumer‑device users, enterprises with BYOD programs, Managed Service Providers handling iOS device fleets, and any third‑party that integrates iOS apps or services.
Recommended Actions –
- Verify that all iOS/iPadOS devices under your vendor’s management are running the latest supported version.
- Enforce mandatory update policies via MDM solutions; block access from devices reporting outdated OS versions.
- Review contracts for clauses requiring timely patching of mobile operating systems and assess compliance.
Technical Notes – The alerts reference the exploit kits “Coruna” (targets iOS 13.0‑17.2.1) and “DarkSword” (targets iOS 18.4‑18.7). The attack vector is malicious web content that triggers code execution in vulnerable browsers/WebViews, leading to data theft. No specific CVE numbers were disclosed; Apple has released patches in the latest iOS releases that mitigate the vulnerabilities.
Source: Security Affairs
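The first recommended action (verify the OS version of every managed device) and the version ranges in the technical notes can be combined into a simple fleet triage. The script below is an added example, not code from the advisory or from Apple; it takes a device inventory exported from an MDM as (device id, reported OS version) pairs and flags every device whose version falls inside one of the two targeted ranges stated above. The inventory rows and device ids are constructed for illustration. Two assumptions are made explicit in the code: range bounds are inclusive, and an upper bound given with fewer components (“18.7”) is treated as covering all 18.7.x patch levels, which over‑flags rather than under‑flags. The advisory does not state which release contains the fix, so the script does not attempt to decide what “latest” is; feed that threshold from your MDM or Apple’s release notes separately.

```python
"""Triage an iOS/iPadOS device inventory against the version ranges the
advisory attributes to the Coruna and DarkSword exploit kits."""

# Ranges exactly as stated in the advisory; both bounds are treated as inclusive.
TARGETED_RANGES = {
    "Coruna": ("13.0", "17.2.1"),
    "DarkSword": ("18.4", "18.7"),
}


def parse_version(s: str) -> tuple[int, ...]:
    """Turn '17.2.1' into (17, 2, 1).

    Tuples of ints compare correctly; raw strings do not ('17.10' < '17.9'
    as strings). Anything non-numeric raises ValueError so the caller can
    treat it as a device whose posture is unknown."""
    parts = s.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {s!r}")
    return tuple(int(p) for p in parts)


def _pad(v: tuple[int, ...], n: int) -> tuple[int, ...]:
    """Right-pad with zeros so '13' and '13.0' compare equal."""
    return v + (0,) * (n - len(v))


def in_targeted_range(version: str, low: str, high: str) -> bool:
    v, lo, hi = parse_version(version), parse_version(low), parse_version(high)
    # Lower bound: full-precision comparison after zero padding.
    n = max(len(v), len(lo))
    at_or_above_low = _pad(v, n) >= _pad(lo, n)
    # Upper bound (assumption): compare at the bound's own precision, so a
    # bound written as '18.7' covers 18.7.0, 18.7.1, ... as well.
    at_or_below_high = v[: len(hi)] <= hi
    return at_or_above_low and at_or_below_high


def assess_device(os_version: str):
    """Return the name of the kit whose stated range covers os_version, else None."""
    for kit, (low, high) in TARGETED_RANGES.items():
        if in_targeted_range(os_version, low, high):
            return kit
    return None


def triage_inventory(devices):
    """devices: iterable of (device_id, os_version) as exported from an MDM.

    Returns (flagged, unparsable): flagged is a list of
    (device_id, os_version, kit) for devices inside a targeted range;
    unparsable lists device ids whose version could not be read, which a
    policy should treat as non-compliant rather than silently pass."""
    flagged, unparsable = [], []
    for device_id, os_version in devices:
        try:
            kit = assess_device(os_version)
        except ValueError:
            unparsable.append(device_id)
            continue
        if kit:
            flagged.append((device_id, os_version, kit))
    return flagged, unparsable


# Constructed sample inventory; the device ids are hypothetical.
SAMPLE_INVENTORY = [
    ("ipad-001", "17.2.1"),    # top of the Coruna range
    ("iphone-002", "17.3"),    # above Coruna, below DarkSword
    ("iphone-003", "18.7.1"),  # 18.7.x, covered by the DarkSword bound
    ("iphone-004", "18.3"),    # between the two stated ranges
    ("ipad-005", "12.5.7"),    # below the Coruna range
    ("iphone-006", "unknown"), # MDM returned no usable version
]

if __name__ == "__main__":
    flagged, unparsable = triage_inventory(SAMPLE_INVENTORY)
    for device_id, os_version, kit in flagged:
        print(f"{device_id}: iOS {os_version} is inside the {kit} target range")
    for device_id in unparsable:
        print(f"{device_id}: OS version unreadable, treat as non-compliant")
```

Devices that land outside both ranges (iphone-002 and iphone-004 in the sample) are not necessarily safe; they are simply not in the ranges the advisory names, so the result should be combined with a separate check against the current Apple release before granting access.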