**Critical Security Notice: New Vulnerabilities Affecting Legacy iPhones and iPads**
Recent information from Google’s Threat Intelligence Group has sparked serious concerns about the security of legacy iPhones and iPads. Two vulnerabilities, referred to as Coruna and DarkSword, have been unveiled, which exploit various weaknesses in iOS and iPadOS to compromise devices that have not been upgraded to the most recent operating systems. The pressure on users to refresh their devices has escalated, particularly following the public release of these vulnerabilities on GitHub.
### Grasping the Vulnerabilities
The Coruna and DarkSword vulnerabilities exploit weaknesses in WebKit and other elements that Apple has recently addressed in updates for iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7. These weaknesses can enable attackers to capture sensitive user information or take full control of the compromised devices.
In response to these discoveries, Apple has published a support document underscoring the vital necessity for users to keep their devices current, even if they cannot run the latest iterations of iOS. Furthermore, Apple has suggested activating Lockdown Mode as an additional safeguard against possible hacking efforts.
### The Disclosure and Its Consequences
The situation intensified when an updated version of the DarkSword exploit was leaked on GitHub, making it available to a broader audience. This development significantly increases the probability of attacks capitalizing on these vulnerabilities. According to Matthias Frielingsdorf, co-founder of iVerify, the leaked materials consist of simple HTML and JavaScript, enabling anyone with basic technical proficiency to implement them on a server in no time.
Frielingsdorf conveyed serious apprehensions regarding the leak, stating, “This is bad. They are far too easy to repurpose. I don’t think this can be contained anymore. Thus, we must anticipate that criminals and others will begin utilizing this.” He stressed that the vulnerabilities are easy to employ, necessitating no advanced knowledge of iOS.
### Reaction from Apple and Microsoft
In response to inquiries about the vulnerability, Apple confirmed its awareness of the situation and mentioned that an urgent update was released on March 11 for devices unable to run the latest versions of iOS. Microsoft, which owns GitHub, did not offer an immediate response.
### Final Thoughts
The rise of the Coruna and DarkSword vulnerabilities underscores the crucial need for keeping software current on devices. Users of legacy iPhones and iPads are strongly encouraged to update their operating systems to reduce the risk of exploitation. As the situation unfolds, vigilance and proactive actions will be vital in protecting personal information and device security.