Apple Issues Urgent Critical Software Alerts for Outdated iPhones

Apple has initiated an unprecedented wave of 'Critical Software' alerts, directly notifying millions of iPhone and iPad users still running older versions of its operating systems about severe security vulnerabilities. These urgent notifications, which appear prominently on device lock screens and within the Settings app, explicitly state that Apple is aware of active attacks targeting out-of-date iOS software. The alerts are a direct response to the discovery and active exploitation of vulnerabilities by sophisticated 'exploit kits' known as 'Coruna' and 'DarkSword'. These malicious toolkits are designed to leverage flaws in iOS versions ranging from iOS 13 all the way up to iOS 17.2.1, with DarkSword also targeting newer iOS 18.4 to 18.7. The danger is significant: simply clicking on a malicious link or visiting a compromised website on an unpatched device could allow attackers to execute arbitrary code and potentially steal sensitive personal data. This heightened level of alert from Apple underscores the critical nature of the threat. Unlike routine software update reminders, these 'Critical Software' warnings are specifically designed to be difficult to ignore, emphasizing the immediate risk to user data and device integrity. Apple's support documentation for India also confirms these web-based attacks and explicitly advises users to update their iOS to protect their data. To address these vulnerabilities, Apple has already released specific security updates. For instance, iOS 15.8.7 and iOS 16.7.15 were rolled out on March 11, 2026, to provide protection for older iPhones and iPads that can no longer upgrade to the absolute latest iOS versions. Devices running iOS 13 or iOS 14 are particularly vulnerable and are being urged to update to at least iOS 15 to receive these essential protections. Users with devices running iOS 15 through iOS 26 who have kept their software updated are already protected against these specific reported attacks. Updating your device is straightforward: users can navigate to Settings > General > Software Update on their iPhone or iPad. It is also highly recommended to enable automatic updates to ensure continuous protection against future threats. It is important to differentiate these 'Critical Software' alerts from Apple's 'Rapid Security Responses' (RSRs). RSRs are a newer feature that delivers small, focused security improvements between major software updates, typically applied to the latest minor operating system versions (e.g., iOS 16.4.1(a)). The current alerts, however, target a much broader range of *older, unpatched* major iOS versions, necessitating a full software update to a more secure version. The Indian Computer Emergency Response Team (CERT-In), India's national cybersecurity agency, has also independently issued a severe warning for users of Apple devices, including iPhones, iPads, and Macs, due to multiple security vulnerabilities. CERT-In's advisory highlights that these flaws could enable attackers to execute arbitrary code, escalate privileges, access sensitive information, bypass security restrictions, or cause denial-of-service attacks. This reiterates the global and local significance of these security concerns and the urgent need for Indian users to update their devices immediately, as recommended by both Apple and the Indian government. If updating is not immediately possible, Apple also suggests enabling Lockdown Mode (available on iOS 16 and later) as an additional layer of protection against malicious web content, although updating remains the primary and most effective defense. Apple's Safe Browsing feature in Safari is enabled by default and helps block known malicious URL domains associated with these attacks. This widespread alert signifies a serious, active threat, making timely software updates non-negotiable for maintaining digital security.

Frequently Asked Questions

Read Full Story on Quick Digest