CP
cyberpings
VulnerabilitiesHIGH

iOS Update Urged as Coruna and DarkSword Exploit Kits Emerge

SASecurity Affairs
CVE-2025-31277CVE-2026-20700CVE-2025-43529CVE-2025-14174CVE-2025-43510
🎯

Basically, Apple says to update your iPhone to avoid hackers stealing your data.

Quick Summary

Apple warns iPhone users to update iOS to fend off new exploit kits. Coruna and DarkSword pose serious risks by stealing sensitive data. Stay safe by updating your device now!

The Flaw

Apple has issued a strong warning to iPhone users about the emergence of two dangerous exploit kits: Coruna and DarkSword. These kits target outdated versions of iOS, exploiting vulnerabilities to steal sensitive data. The Coruna exploit kit, identified by Google’s Threat Intelligence Group, is particularly concerning as it can affect devices running iOS versions from 13.0 to 17.2.1. It includes 23 different exploits and has been linked to targeted attacks by various threat actors.

The DarkSword exploit kit, discovered later, has been used since late 2025 by multiple groups, including surveillance vendors. It targets iPhones running iOS 18.4 to 18.7, utilizing several zero-day vulnerabilities to achieve full device compromise. This highlights a significant risk for users who neglect to update their devices regularly.

What's at Risk

The risks associated with these exploit kits are severe. Users with outdated iOS versions are at risk of having their personal information, including credentials and cryptocurrency wallet data, stolen. The Coruna kit has been linked to targeted attacks in Ukraine, while DarkSword has been observed in campaigns against several countries, including Saudi Arabia and Turkey.

Both kits utilize advanced techniques to bypass security measures, making them highly effective. For instance, Coruna employs a JavaScript framework that detects device types and loads appropriate exploits. This sophistication allows attackers to execute their plans with minimal user interaction, increasing the likelihood of successful breaches.

Patch Status

Apple has been proactive in addressing these vulnerabilities. On March 11, 2026, they released critical updates for iOS versions 15 and 16, extending protection against these exploit kits. Users running iOS 13 or 14 are urged to upgrade to at least iOS 15 to secure their devices.

Moreover, Apple’s Lockdown Mode can help block these attacks even on older systems, although updating is still highly recommended. Users must ensure their devices are running the latest iOS version to mitigate risks effectively.

Immediate Actions

To protect yourself from the threats posed by Coruna and DarkSword, take the following steps:

  • Update your iPhone to the latest iOS version immediately.
  • If you are on iOS 13 or 14, upgrade to iOS 15 and install the latest security updates.
  • Enable Safari’s Safe Browsing feature to block known malicious domains.
  • Consider using Lockdown Mode if you suspect targeted attacks.

Staying informed and vigilant is crucial in today’s digital landscape. Regular updates and security measures are your best defense against these evolving threats.

🔒 Pro insight: The emergence of both Coruna and DarkSword highlights the ongoing risk of exploit proliferation among various threat actors targeting iOS devices.

Original article from

Security Affairs · Pierluigi Paganini

Read Full Article

Share

Related Pings

CRITICALVulnerabilities

Critical Jenkins Vulnerabilities - Expose CI/CD Servers to RCE

A critical security advisory warns of multiple high-severity vulnerabilities in Jenkins. These flaws could allow attackers to execute arbitrary code, compromising CI/CD pipelines. Administrators must act quickly to patch these vulnerabilities to safeguard their systems.

Cyber Security News·
CRITICALVulnerabilities

Cisco Firewall 0-Day - Critical Ransomware Exploited

CISA has issued a critical warning about a zero-day vulnerability in Cisco firewalls. This flaw is actively exploited in ransomware campaigns, putting enterprises at risk. Immediate patching is essential to prevent severe operational disruptions.

Cyber Security News·
CRITICALVulnerabilities

Langflow Vulnerability - Critical Bug Exploited in Hours

A critical vulnerability in Langflow was exploited within 20 hours of its disclosure. Attackers executed arbitrary code without needing authentication, putting sensitive data at risk. Organizations must act quickly to secure their systems and protect against potential breaches.

Infosecurity Magazine·
HIGHVulnerabilities

Bamboo Data Center - High-Risk Remote Code Execution Flaw

A critical vulnerability in Bamboo Data Center allows attackers to execute remote code, threatening software development processes. Immediate patching is essential to secure your systems and prevent exploitation.

Cyber Security News·
HIGHVulnerabilities

Vulnerabilities - Unpatched ScreenConnect Servers Open to Attack

ConnectWise has patched a critical vulnerability in ScreenConnect that allows session hijacking. Organizations using this remote access tool must upgrade to protect sensitive data. Immediate action is essential to prevent exploitation.

Help Net Security·
CRITICALVulnerabilities

Critical Langflow Vulnerability - Exploited Within Hours

A critical vulnerability in Langflow has been exploited just hours after it was disclosed. This flaw allows attackers to execute code without authentication, risking sensitive data. Organizations must act quickly to patch and secure their systems.

SecurityWeek·