Apple Issues Alert: Outdated iPhones at Risk from Coruna & DarkSword Web Exploit Kits
What Happened — Apple has released a security advisory warning that iPhones running legacy iOS versions are vulnerable to the web‑based exploit kits Coruna and DarkSword. These kits deliver malicious payloads through compromised web pages, enabling data theft and device compromise.
Why It Matters for TPRM —
- Legacy mobile endpoints can become a foothold for attackers targeting your organization’s data.
- Exploit‑kit activity often spreads laterally to corporate networks via BYOD or mobile‑first policies.
- Unpatched devices undermine the security posture of any third‑party vendor that relies on Apple hardware.
Who Is Affected — Consumer‑grade iOS devices, enterprise‑managed iPhones, and any organization that permits personal iOS devices for work.
Recommended Actions —
- Enforce iOS version compliance across all managed devices.
- Accelerate rollout of the latest iOS updates.
- Validate that mobile device management (MDM) policies block outdated browsers and enforce secure web gateways.
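The version-compliance action above, run against an MDM inventory export, as an added example that is not from Apple or the source article. The CSV column names, the sample rows and the minimum version are constructed placeholders; devices with an unknown version are treated as outdated.

```python
import csv
import io

# Constructed placeholder: replace with the minimum iOS version your
# organisation requires. This value is not taken from Apple's advisory.
MIN_IOS_PLACEHOLDER = "17.5"

# Constructed sample of an MDM inventory export (hypothetical column names).
SAMPLE_INVENTORY = """\
device_id,owner,ownership,os_version
D-001,alice,corporate,17.10.1
D-002,bob,byod,17.5
D-003,carol,byod,17.4.1
D-004,dave,corporate,16.7.8
D-005,erin,byod,
D-006,frank,corporate,17.5 beta
"""

def parse_version(text):
    """Turn '17.4.1' into (17, 4, 1); return None if it is not purely numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_compliant(version, minimum):
    """Numeric compare, zero-padded so that 17.5 and 17.5.0 count as equal."""
    width = max(len(version), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) >= pad(minimum)

def find_noncompliant(inventory_csv, min_version):
    """Return (device_id, ownership, reason) for every device to remediate."""
    minimum = parse_version(min_version)
    if minimum is None:
        raise ValueError(f"bad minimum version: {min_version!r}")
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["os_version"] or "")
        if version is None:
            reason = "unknown version"  # fail closed: treat as outdated
        elif not is_compliant(version, minimum):
            reason = "below minimum"
        else:
            continue
        findings.append((row["device_id"], row["ownership"], reason))
    return findings

print(find_noncompliant(SAMPLE_INVENTORY, MIN_IOS_PLACEHOLDER))
```

Comparing versions as strings would rank 17.10.1 below 17.5, which is why the check parses each component as an integer.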
Technical Notes — The exploit kits leverage known iOS vulnerabilities (CVE‑2025‑XXXX series) to execute malicious JavaScript from compromised sites, leading to credential theft and data exfiltration.
Source: The Hacker News