iOS outdated software alerts are appearing on millions of iPhones as Apple warns users of active web-based attacks targeting older iOS versions. Starting in late March 2026, Apple began sending Lock Screen notifications and “Critical Software” alerts from the Settings app to devices running iOS 17 and earlier, signaling a serious and immediate threat. The company is aware of two exploit kits—Coruna and DarkSword—that are actively being used by threat actors to compromise unpatched devices.
Key Takeaways
- Apple is sending critical security alerts to iPhones on iOS 17 and earlier warning of active web-based attacks
- Coruna targets iOS 13.0–17.2.1; DarkSword targets iOS 18.4–18.7, both actively exploited by threat actors
- Updates released March 11, 2026 include iOS 15.8.7 and iOS 16.7.15 to protect older devices
- Malicious web content and compromised links are the primary attack vector, risking data theft
- Enabling Lockdown Mode provides protection even on outdated software if immediate updating is not possible
What iOS Outdated Software Alerts Mean for Your Security
Apple’s iOS outdated software alerts carry explicit language about active threats: “Apple is aware of attacks targeting out-of-date iOS software, including the version on your iPhone. Install this critical update to protect your iPhone”. These are not routine security reminders. The alerts indicate that Apple has detected real-world exploitation of vulnerabilities in older iOS versions, and threat actors are actively using these gaps to steal data.
The attacks work through malicious web content. Users who click suspicious links, visit compromised websites, or are redirected to exploit pages run the risk of having their data compromised without any obvious sign of intrusion. Unlike some security threats that crash apps or slow performance, these web-based attacks operate silently in the background, making them particularly dangerous.
According to Apple’s security guidance, “If your iPhone doesn’t have the latest software, update iOS to protect your data”. This is not hyperbole—the threat is measurable and ongoing. Devices that remain on iOS 17 or earlier are in the direct line of fire for these exploit kits.
The Exploit Kits Behind the Alerts
Two specific exploit kits are driving Apple’s alert campaign: Coruna and DarkSword. Coruna targets iOS 13.0 through 17.2.1, a massive range that covers devices from 2019 onward. DarkSword, meanwhile, targets iOS 18.4–18.7, meaning even relatively recent devices are vulnerable if they have not received the latest patches. Multiple threat actors have been using these kits over the past year to deliver malicious payloads to compromised devices.
The breadth of these targets explains why Apple is pushing alerts so aggressively. Millions of iPhones globally fall within the vulnerable ranges, and the company cannot afford to wait for users to manually check for updates. Lock Screen notifications ensure that even users who ignore Settings alerts will eventually see the warning.
How to Update and Protect Your iPhone
Updating iOS is straightforward. Go to Settings > General > Software Update and install the latest available version for your device. Apple released critical updates on March 11, 2026—iOS 15.8.7 and iOS 16.7.15 (and their iPadOS equivalents)—specifically to extend protection to older devices that cannot run the latest iOS 18.
If your device is on iOS 15 or later, you are eligible for immediate protection. If you are still on iOS 13 or 14, you must first update to iOS 15, after which you will likely receive additional critical security update alerts. Apple Safe Browsing in Safari will also block identified malicious URL domains by default, providing a second layer of defense.
For users who cannot update immediately, Apple recommends enabling Lockdown Mode if your device supports it. This feature restricts potentially vulnerable functionality and provides protection against malicious web content and other threats, though updating remains the primary defense.
Why This Matters More Than Typical Security Updates
Apple typically releases security patches monthly, and most users treat them as routine maintenance. iOS outdated software alerts signal something different: active, in-the-wild exploitation. When Apple sends Lock Screen notifications about critical software, it means threat actors are already using these vulnerabilities to target real people.
The company’s own guidance emphasizes this point: “If you have kept your iPhone software up to date, then you are already protected. Keeping your software up to date is the single most important thing you can do to maintain the security of your Apple products”. This is Apple acknowledging that the gap between patched and unpatched devices is no longer theoretical—it is being actively exploited in the wild.
Are older iPhones still at risk even after updating?
Devices on iOS 15–26 are protected by the March 11, 2026 updates and subsequent patches. If you update to the latest available version for your device, you will be protected from Coruna and DarkSword. However, older iOS versions may receive additional critical security alerts as new threats emerge, so staying current is an ongoing requirement.
What should I do if I see a Critical Software alert on my iPhone?
Update immediately. Do not ignore or dismiss the alert. Go to Settings > General > Software Update and install the latest version available for your device. If you are on iOS 13 or 14, update to iOS 15 first, then watch for additional critical security alerts.
Does Apple Safe Browsing protect me from these attacks?
Apple Safe Browsing in Safari blocks identified malicious URL domains by default, providing protection against known exploit pages. However, this is not a substitute for updating your iOS version. Malicious web content can arrive through email, messages, or apps, and Safe Browsing cannot catch every threat. Updating iOS closes the underlying vulnerabilities these exploits rely on.
The iOS outdated software alerts are Apple’s most direct warning yet that unpatched devices are under active attack. This is not a future risk—it is happening now. Update your iPhone today, and if you see a critical software alert on your Lock Screen, treat it as urgent. The threat is real, and the fix is free and immediate.
Where to Buy
Google Pixel 10 Pro | Samsung Galaxy S26 Ultra | Apple iPhone 17 Pro
Edited by the All Things Geek team.
Source: TechRadar
