Apple has issued an urgent warning to iPhone users worldwide, urging them to update their devices immediately after researchers uncovered two powerful hacking tools being actively used against older iOS versions.
What Is Being Attacked and How
At the centre of the threat are two exploit kits: DarkSword and Coruna. DarkSword appears to be a surveillance and intelligence-gathering tool capable of pulling Wi-Fi passwords, text messages, call history, location history, browser history, SIM card and cellular data, as well as health, notes, and calendar databases.
Coruna is arguably more alarming in scope. Google’s Threat Intelligence Group identified it as a powerful exploit kit targeting iPhones running iOS versions between 13.0 and 17.2.1, featuring five full iOS exploit chains and a total of 23 exploits. Both tools can only be used against devices running outdated versions of iOS.
Adding to the urgency, a separate zero-day vulnerability tracked as CVE-2026-20700 (a memory corruption bug in Apple’s Dynamic Link Editor) sat undetected inside every iPhone, iPad, Mac, Apple Watch, and Apple TV for nearly 20 years before being discovered and reported to Apple by Google’s Threat Analysis Group.
Who Is Being Targeted
This is not a random, opportunistic attack. Research from multiple cybersecurity firms points to specific groups being targeted: Ukrainians targeted by Russian intelligence, Chinese cryptocurrency users, and people in Saudi Arabia, Turkey, and Malaysia. The tools have been linked to commercial spyware operations and state-sponsored actors, the same category of threat that produced Pegasus.
That said, the danger is not limited to high-profile individuals. According to John Scott-Railton, a senior researcher at Citizen Lab, these tools could easily be used to hack anyone whose iOS is out of date, noting that the barrier to entry for widespread, devastating mobile attacks has been decisively lowered.
The Half-Updated Problem
Apple’s warning lands against a troubling backdrop: a large portion of its user base simply hasn’t updated. Roughly 50 percent of Apple’s 1.8 billion users have not updated to the latest iOS, and as of January 2026, only about 4.6 percent of active iPhones were running iOS 26.2, with just 16 percent using any version of iOS 26. Slow adoption has been partly attributed to concerns over battery drain and discomfort with the Liquid Glass redesign introduced in iOS 26.
What makes these vulnerabilities especially dangerous is that web-based attacks require no app installation because simply visiting a compromised website with outdated software can be enough to give an attacker full access to the device.
What You Should Do Right Now
Apple has been direct: update your device. The company stated it released software updates as quickly as possible to address the vulnerabilities and disrupt the attacks, adding that users who have kept their iPhone software up to date are already protected.
Beyond updating, security experts recommend restarting your device at least once a week. Malwarebytes noted that high-end spyware tools often rely on users not restarting their devices, as a reboot flushes out memory-resident malware that has not achieved persistence. Users should also avoid opening unsolicited links and consider enabling Lockdown Mode if they believe they may be high-value targets.
