183/69 Tuesday, March 31, 2026
Apple has begun sending “Critical Software” alerts directly to the lock screens of iPhone and iPad users running outdated versions of iOS and iPadOS. The notifications warn of web-based attacks targeting older, unpatched software versions. The alerts have appeared on a wide range of devices, including those running iOS 17.0, extending beyond devices on iOS 13 and 14 that Apple had previously highlighted in support documentation.
The threat is linked to exploit kits such as Coruna, which targets iOS versions 13.0 through 17.2.1, and DarkSword, which targets iOS 18.4 through 18.7. Apple warns that devices without the latest updates may be vulnerable to data theft simply by clicking a malicious link or visiting a compromised website. On March 11, 2026, Apple released updates extending protections to devices running iOS 15 and 16. Users still on iOS 13 or 14 are required to upgrade to iOS 15 and install additional critical security updates.
Researchers from Kaspersky reported that Coruna leverages an updated version of a kernel-level vulnerability previously used in the 2023 Operation Triangulation campaign, showing significant similarities in code and attack frameworks. However, devices updated to the latest iOS versions are not affected. Apple stated that enabling Lockdown Mode and Safari’s Safe Browsing features can help mitigate these threats, but emphasized that updating the operating system remains the most effective way to protect user data.