Your iPhone could be one rogue link away from leaking your data—Apple just confirmed the attacks are already happening.
The company quietly pushed retroactive patches for iOS 15 and iOS 16 after researchers traced two active exploit campaigns, Coruna and DarkSword, that compromise devices through malicious web content. Click the wrong URL—sometimes served from an otherwise legitimate site and the chain ends with silent data theft. Apple’s own wording is blunt: devices that have not moved to iOS 15 or later remain in the crosshairs.
The fix path is straightforward for anyone on iOS 15 through the current iOS 26 branch: install the latest point release and the new defenses are in place. Owners still on iOS 13 or 14 have to take the bigger jump to iOS 15; no security-only bundle exists for those builds. A Critical Security Update alert will start hitting handsets in the next few days, but the company is not forcing the upgrade users have to act.
Apple said:
"If your iPhone doesn’t have the latest software, update iOS to protect your data."
For the minority who cannot update often owners of older hardware stuck on unsupported branches—Apple suggests enabling Lockdown Mode, the aggressive hardening profile originally created for activists and journalists who have faced mercenary spyware.
Recommending it for the general public is a tacit admission that some phones will never run a patched OS, so the only remaining option is to cripple the attack surface.
Safari’s built-in Safe Browsing list already blocks the identified domains, but that only helps if the browser is used and the list is current.
The exploits are triggered by visiting malicious web content — a link or a compromised site is enough. Apple has not disclosed the technical details of the vulnerabilities beyond confirming they were identified by security researchers. Historical campaigns against civil-society targets show the technique is practical, not theoretical.
Apple did not share infection numbers, attribution, or the full timeline, noting only that "security researchers recently identified web-based attacks that target out-of-date versions of iOS through malicious web content." The patches arrive months after the initial discovery, a gap that leaves plenty of room for retrospective cleanup.
Bottom line: if the Settings badge is red, tap it—because the alternative is to trust that every link you see is benign.
Source: Bitdefender | Google Cloud | Apple