You Need to Update iOS, Here's Why

Reading Time: 5 minutes.

A Settings app icon with a red dot, indicating an update

Don’t ignore the red dot!

You know that little red indicator icon over the Settings app? It’s there because you haven’t updated iOS yet, though an update is ready. You should go ahead and update that. This week, a powerful and easy to use iOS hack became public, and any iOS device that isn’t updated could be easily exploited. The real shame is that older devices that no longer receive updates are completely vulnerable. Apple updated some older versions of iOS, but with old devices declared obsolete, those holding on to some ancient iPhones or iPads may find their data is completely vulnerable.

So will you if you haven’t updated. Did you update yet? Because you can come right back to read about why you need to update afterwards, but right now? I think it would be wise to start that update a little early, if it’s not already too late for you.

In This Article:

Coruna and DarkSword

Okay, so maybe I’m doing a little fear mongering here, but it’s for your own good. The Coruna and DarkSword malware are likely government projects that have been cut free of their government chains. We repeatedly tell lawmakers and law enforcement that any backdoor will inevitably compromise everyone, and now their little toys are loose. One more than the other. DarkSword has its root in state-ran intelligence, but now you can just grab it on GitHub. The malware itself can infect a device when it visits a website. That’s it. Load the page and you’re infected.

Coruna

Coruna was the first state-sponsored malware that made its rounds online. Coruna is the Google-given name for a sophisticated suite of malware tools for infecting iOS devices. Security researchers believe it was created by state-funded contractors, likely working for the U.S. government. Similar hacking techniques were found in previously discovered malware that also is suspected to be created by contractors working for the U.S. government. These hacks were later found elsewhere, including Russia and in the hands of Chinese language cybercriminals running crypto scams. Russian spies seem to be using it to spy on Ukrainians and tens of thousands of Chinese iPhone users have been hacked with it.

“It’s highly sophisticated, took millions of dollars to develop, and it bears the hallmarks of other modules that have been publicly attributed to the US government. This is the first example we’ve seen of very likely US government tools—based on what the code is telling us—spinning out of control and being used by both our adversaries and cybercriminal groups.”

– Rocky Cole, iVerify cofounder

Coruna takes advantage of 23 known distinct vulnerabilities in iOS. The hacks won’t work on a device that has Lockdown mode enabled, and you’ll be happy to know that updating your iOS device is also enough to protect you now.

Current versions of Coruna in the wild range from stealthy, simply extracting information using built-in iOS functionality, to more invasive. The latter, which combs through emails and attempts to steal crypto wallet details, seem to be made by hackers repurposing the original malware. Because it’s a fileless hack that piggybacks off of standard iOS processes, you can actually clear it off your device by restarting your iPhone. However, by then, the damage may have already been done.

DarkSword

DarkSword is a separate piece of malware, but, much like Coruna, it’s stealthy and dangerous. DarkSword can infect a device when a user goes to an infected website. Like Coruna, it’s also a fileless hack that can be removed if you restart your device, but is also dangerous enough to steal a large amount of data before that happens. It’s been found in use in Russia, Saudi Arabia, Turkey, and Malaysia. It also is suspected to have been developed by contractors working for the United States.

DarkSword is professionally-made malware, with excellently documented code. That code is also publicly available. While Coruna hacks may have been illegally sold to other governments and hacking groups, DarkSword found its way to public code repositories like GitHub. For some time, you could find DarkSword hacks on GitHub, and they’ll likely pop back up on occasion. Now that the malware’s loose to the public, it’ll be available to anyone. According to Matthias Frielingsdorf, another iVerify cofounder, the software that leaked to GitHub “will work out of the box,” and that “there is no iOS expertise required.” These are simple hacks that anyone can take advantage of.

Dangerous Nets

Part of the biggest threat software like this poses is that it doesn’t require targeting. Someone could set up a website with the hack that could make someone a more profitable target, such as a website about trading crypto, but these hacks could get money and data from anyone. It’s easy to implement and one click, meaning they work without needing the victim to do something stupid, and just about everyone has information on their devices they don’t want leaking, from passwords to financial info to even your browser history.

iOS Devices Made Obsolete

Fortunately, you won’t need to do much to avoid these hacks. Just update your iPhone. However, not every iPhone will receive the security updates, but most are. Apple may not release new feature updates to older versions of iOS, but they are still sending security updates to them. This means that older devices that cannot update to iOS 26 can still get the security updates. In fact, all the way back to iOS 15, which is now 4 versions older than Apple’s latest version of iOS, has updates.

iOS 15.8.7, 16.7.15, 17.7.7, 18.7.3, and 26.3.0 all contain updates that fix these security flaws. Remember, Apple changed their numbering randomly last year, so 26 is the iOS version after iOS 18. This does mean obsolete iPhones will still be vulnerable. You shouldn’t use an iPhone 6 or older for anything online anymore. However, the iPhone 6s and newer should be safe.

The iPhone 6s came out in 2015. It’s 11 years old. My Pixel 5a stopped receiving security updates in 2024, just three years after it was released. It’s already useless as a personal device and vulnerable online. Even Samsung, who pledges more updates for their devices than most Android manufacturers, will only guarantee 6 years of updates. This shows off one of the best reasons to get an iPhone over an Android phone. Sure, Apple does make their devices worse over time in what some have called planned obsolescence, but at least they won’t be insecure.

Protecting Yourself

Just update your device. Keep it updated. Restarting on occasion can clear out a number of hacks, and Lockdown Mode can keep out even the FBI’s best hackers. However, your best bet will always be staying up to date.

This hack specifically targets mobile WebKit. Unfortunately, due to some seemingly monopolistic decisions, all iOS browsers use the same version of WebKit that Safari uses, minus the plugins that Apple allows Safari to access, which often provide greater security and privacy. If Apple users could use browsers with different rendering engines and security, fewer people would be vulnerable to the same hacks, making the development of these hacks less profitable. Although, I suppose it does keep people from using Chrome, so at least there’s one benefit to Apple’s monopolistic tactics.

Update iOS. The latest version is actually 26.4, and contains a number of updates, including improved autocorrect ad new emoji. There’s even a Sasquatch! If your security isn’t worth the update, surely that is! Bigfoot says update now! 🫈

Sources:

Google Threat Intelligence Group
Lorenzo Franceschi-Bicchierai, TechCrunch
Andy Greenberg, Wired, 2
iVerify
Michael Kan, PC Mag
Marko Zivkovic, AppleInsider