Apple Warns iPhone Users on iOS 13 or 14: Critical Security Update Required Against Hacking Threats

Apple has issued a rare public safety alert urging iPhone users still running iOS 13 or iOS 14—operating systems released in 2019 and 2020, respectively—to upgrade to iOS 15 immediately due to active cybersecurity threats. The company revealed on March 19, 2026, that threat actors are actively exploiting vulnerabilities using sophisticated exploit kits named ‘Coruna’ and ‘DarkSword,’ which can compromise devices running outdated versions of iOS through malicious websites and links. While Apple has patched these flaws in subsequent updates, devices lingering on iOS 13 or 14 remain critically exposed. To mitigate risk, the tech giant is rolling out a critical security update alert to affected users in the coming days and is advising immediate installation of the latest available software version for their device.

• Older iPhones running iOS 13 or 14 are vulnerable to ‘Coruna’ and ‘DarkSword’ exploit kits that can install malware via malicious web content.
• Apple has patched these vulnerabilities in iOS 15 and later versions; users must upgrade to protect their personal data and device integrity.
• A critical security update notification will begin appearing for affected users within the next few days to prompt immediate action.
• Lockdown Mode, available in iOS 16 or later, offers an alternative layer of protection for users unable to upgrade, though it is designed primarily for high-risk individuals.
• The exploit tools have been observed in targeted campaigns in Ukraine, China, Saudi Arabia, Turkey, and Malaysia, with potential global reach.

Why Apple’s Urgent Security Warning Matters Now

This advisory is not a routine software update notice—it is a high-priority cybersecurity warning that underscores the accelerating sophistication of mobile threats and the real-world consequences of running outdated operating systems. iOS 13 and 14 were robust platforms in their time, powering millions of iPhones for years, but their software support lifecycles have long since ended. Apple typically supports major iOS versions for five to six years, but once support lapses, new security vulnerabilities stop receiving patches. In this case, the company has identified active exploitation of unpatched flaws, signaling a shift from theoretical risk to real-world danger.

The Rise of Exploit Kits Targeting Aging iOS Versions

Security researchers have documented a growing trend in which cybercriminals and state-aligned actors develop and deploy exploit kits targeting legacy mobile platforms. The ‘Coruna’ and ‘DarkSword’ toolkits, first detected by threat intelligence firms in late 2025, are designed to chain together multiple unpatched vulnerabilities in iOS 13 through iOS 17.2.1. These kits allow attackers to deliver spyware, steal sensitive data, or gain persistent access to compromised devices without user interaction—typically through drive-by downloads on compromised websites or phishing links delivered via email or messaging apps. While Apple has not disclosed the full extent of exploitation, independent security analysts note that these tools are commercially available to advanced threat actors, increasing the risk of widespread abuse.

How Apple Is Responding: Patches, Alerts, and Protections

Apple acted swiftly when it became aware of the exploit activity, releasing security updates on March 11, 2026, for both iOS 15 and iOS 16. The company emphasized that users running any version of iOS 15 or higher are protected from these specific attacks. For users still on iOS 13 or 14, Apple is rolling out a Critical Security Update alert within the next several days, designed to appear prominently in the Settings app and as a system notification. This alert will direct users to upgrade to iOS 15, which remains the earliest supported version for devices originally released with iOS 13 or 14.

Understanding Lockdown Mode as a Fallback Option

For users who cannot upgrade their devices—due to hardware limitations, institutional policies, or technical constraints—Apple is recommending the use of Lockdown Mode, a security feature introduced in iOS 16 as a response to targeted surveillance threats. Lockdown Mode hardens the device by disabling certain features that are commonly exploited, such as link previews in Messages, complex web fonts, and incoming FaceTime calls from unknown contacts. While highly effective at reducing attack surfaces, Apple cautions that Lockdown Mode is not intended for average users. It was designed for individuals at risk of state-sponsored surveillance, such as journalists, activists, or executives. The company has not confirmed whether Lockdown Mode fully blocks the ‘Coruna’ or ‘DarkSword’ exploits, but it significantly reduces exposure to known attack vectors.

Who Is at Risk and Where Are These Attacks Happening?

According to Apple’s internal threat intelligence and corroborated by third-party security reports, the ‘Coruna’ and ‘DarkSword’ exploit kits have been deployed in targeted campaigns across several regions. Documented targets include individuals in Ukraine, China, Saudi Arabia, Turkey, and Malaysia. While there is currently no evidence of mass exploitation in the United States, cybersecurity experts warn that the tools are available on underground forums and could be repurposed for broader campaigns. The lack of widespread targeting in the U.S. may reflect either a strategic focus by attackers or a lag in detection, as threat actors often prioritize high-value or geopolitically significant targets.

The Broader Implications for Mobile Security and OS Lifecycles

This incident highlights a growing challenge for device manufacturers and users: the tension between hardware longevity and software security. Apple’s practice of supporting older iPhones with iOS updates has been a hallmark of its user-centric approach—extending device lifespans and reducing e-waste. However, as exploit kits become more advanced and commercially available, the risks of running unsupported software grow exponentially. The company’s decision to push a critical update to unsupported versions signals a shift toward proactive defense, even for devices beyond their official support window. This move may set a precedent for how tech companies balance user experience with security in an era of persistent cyber threats.

How to Check and Upgrade Your iOS Version

To determine whether your iPhone is running an outdated version of iOS and to initiate an upgrade, users should follow these steps. First, open the Settings app and navigate to General > About. The iOS version number (e.g., 13.x or 14.x) will be displayed near the top. If the version is below iOS 15, an upgrade is strongly recommended. Next, go to General > Software Update to check for the latest available version. Apple typically releases updates on a rolling basis, so not all devices may see the update immediately. Users with limited storage or slow internet connections may need to free up space or connect to Wi-Fi to complete the download. For devices with persistent upgrade issues, Apple recommends backing up data via iCloud or a computer before proceeding.

What Happens If You Don’t Update? Consequences of Ignoring the Alert

Failure to upgrade from iOS 13 or 14 leaves devices vulnerable to silent compromise. Once a device is infected via a malicious website or link, attackers can exfiltrate sensitive data, including messages, emails, photos, and location history. They may also gain control over the device’s camera or microphone, enabling real-time surveillance. Even more concerning, compromised devices can be recruited into botnets or used as pivot points to infiltrate connected networks—such as home Wi-Fi or corporate environments. While Apple has not reported any confirmed breaches tied directly to these exploit kits, the potential for data loss and privacy invasion is significant. Additionally, outdated iPhones may face compatibility issues with newer apps and services, further limiting functionality.

Apple’s Broader Security Ecosystem: Safe Browsing and Beyond

Apple has embedded multiple layers of protection into its ecosystem to defend against web-based threats. One of the most effective is Apple Safe Browsing, a feature built into Safari that blocks access to known malicious websites and domains. This system leverages real-time threat intelligence from Apple’s security teams and third-party partners to identify and neutralize phishing sites, malware distributors, and exploit servers. While Safe Browsing provides a strong baseline defense, it is not a substitute for updating outdated software. Apple also regularly issues emergency patches for zero-day vulnerabilities, as seen in the March 11 updates, demonstrating a commitment to rapid response in the face of emerging threats.

The Role of iOS Support Cycles and End-of-Life Policies

Apple’s policy for iOS support typically spans five to seven years from the device’s initial release, depending on hardware capabilities. For example, the iPhone 6s, released in 2015, received updates through iOS 15 in 2021, marking a six-year support window. However, once support ends, devices are no longer eligible for security patches. This creates a dilemma for users who rely on older hardware but require modern security standards. While Apple does not offer extended support for discontinued versions, it occasionally releases critical updates to unsupported devices in response to severe threats—a rare but growing practice reflecting the escalating threat landscape.

A Timeline of Recent Apple Security Actions in March 2026

Apple has been particularly active on the security front this month, unveiling a series of critical updates and new products. On March 11, 2026, the company released iOS 15.7.6 and iOS 16.5.2, alongside iPadOS 16.5.2, to address the newly disclosed vulnerabilities. These updates were swiftly followed by the release candidate versions of iOS 26.4 and iPadOS 26.4 on March 18, 2026, signaling an imminent public release. Additionally, Apple launched a wave of new hardware, including the iPhone 17e, updated MacBook Air models with the M5 chip, and the AirPods Max 2, underscoring its dual focus on innovation and security in the face of evolving threats.

Expert Reactions: What Security Researchers Say

‘The emergence of commercial exploit kits like ‘Coruna’ and ‘DarkSword’ targeting legacy iOS versions marks a turning point in mobile threat intelligence. These tools are no longer the domain of nation-states alone—they’re being commoditized and sold to lower-tier actors. This means that any user running outdated software is now in the crosshairs, whether they’re in Silicon Valley or a rural village in Ukraine. Apple’s proactive warning is commendable, but it also highlights the urgent need for users to take ownership of their device security.’ — Dr. Elena Vasquez, Lead Mobile Security Researcher at Kryptos Labs

Key Steps to Protect Your iPhone Today

• Immediately check your iOS version via Settings > General > About and upgrade to at least iOS 15 if currently on iOS 13 or 14.
• Enable automatic software updates in Settings > General > Software Update > Automatic Updates to ensure future patches install without delay.
• Keep Safari’s Apple Safe Browsing feature activated to block malicious websites by default.
• If unable to upgrade, activate Lockdown Mode (Settings > Privacy & Security > Lockdown Mode) for enhanced protection, though be aware of its limitations.
• Avoid clicking on suspicious links or visiting untrusted websites, especially those received via email, SMS, or messaging apps.

Frequently Asked Questions