MacRumors

macrumors bot
Original poster


Apple has begun pushing Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS, warning users of active web-based attacks.

The alerts, which appear as a "Critical Software" notification from the Settings app, warn that Apple "is aware of attacks targeting out-of-date iOS software, including the version on your iPhone," and urge users to install a critical update to protect their device. The notifications are being seen on devices running a range of older iOS versions, including iOS 17.0, far beyond the iOS 13 and iOS 14 devices that Apple specifically flagged in its support documentation.

In the documentation, Apple highlighted recent reports about hacking tools that are effective against older versions of iOS. Hackers are using iOS exploit kits known as "Coruna" and "DarkSword," which can take advantage of vulnerabilities in iOS 13 through to iOS 17.2.1. Clicking a malicious link or visiting a compromised website on an unpatched device could result in data being stolen.

"If your iPhone doesn't have the latest software, update iOS to protect your data," Apple says. Users can update by going to Settings, General, and Software Update.

Apple released iOS 15.8.7 and iOS 16.7.15, along with corresponding iPadOS versions, on March 11 to address security vulnerabilities associated with the Coruna exploit kit. Devices running the latest updated versions of iOS 15 through iOS 26 are already protected, while devices on iOS 13 or iOS 14 must update to iOS 15 to receive these protections.

Apple has patched the vulnerabilities as they have come to light over the last several months, so users who have already upgraded to the newest version of iOS available for their iPhone are protected from the malicious websites and links that are circulating right now. Apple Safe Browsing in Safari is enabled by default and blocks the malicious URL domains identified in the attacks.

Users who are unable to update should consider enabling Lockdown Mode, if available, to protect against malicious web content. Lockdown Mode is available on iOS 16 and later.

Article Link: Apple Now Sending Critical Security Alerts to iPhones Running iOS 17 and Earlier
 
These vulnerabilities were one of the reasons I finally bit the bullet and went from iOS 18 to iOS 26.
Unfortunately it’s not a one-sided problem, Apple is also contributing by not providing updates for devices that can run newer versions of iOS.
This would be like Apple saying we are no longer patching Sequoia for devices that can run Tahoe, absurd, they’re providing updates for Sequoia even though devices can run a newer version of macOS. 😵
 
Does this mean I can keep using the last version of iOS supported on an iPhone widget knowing that Apple will blink first and patch security issues?
 
Choices have repercussions. Apple’s decision to notify customers is the appropriate course of action. The user has the option to make a choice, and if that choice leads to negative consequences, the user bears the responsibility. Users have been adequately informed.
 
Really glad to finally see some rage directed at their update policies. I noticed this years ago trying to keep my iPad on 15, before they ruined the Apple TV app.

Which is exactly why they do it. Each new update includes more ads.
 
If a friend or family member got that notification I'd tell them to update pronto.

The personal and financial information on an iPhone is irresistible to criminals. Don't make them rich.
 
Hopefully not, otherwise I'll go ahead and hit purchase on that Pixel that's been sitting in my Amazon cart for a while.

Unless there is a genuine reason, and there currently isn't, then that would be Apple just being obnoxious.
There literally are genuine reasons. Stay on 18 & enable Lockdown mode if you wish.
 
Please enlighten me, oh knowledgeable one.
Darksword exploit explanation https://techcrunch.com/2026/03/23/s...xploit-kit-that-can-hack-millions-of-iphones/
Google explains it further https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
TL;DR, iPhones running 18.7 (except XRs and XSes) are vulnerable to a zero-click wide range attack that can steal most if not all of one’s important data - and the solution is just a couple buttons away
 
I'm cool, but thanks.

I don't bank on my phone, have any social media, or keep any sensitive data on it.
 
They don't need the personal or financial info on an iPhone to get rich. They're doing just fine by targeting older adults and seniors with:

- Romance (a.k.a. Pig Butchering) scams
- Parent / grandparent scams where a child or grandchild pretends to be in, usually legal, trouble and needs money
- Bitcoin ATM scams where older adults/seniors are tricked into thinking a bank account has been compromised and they need to quickly withdraw money and deposit it all into a Bitcoin ATM for safe keeping



Older Adult Fraud Reporting Findings

Total fraud losses reported by older adults (ages 60 and over) increased about fourfold from 2020 to 2024, skyrocketing from about $600 million in 2020 to $2.4 billion in 2024. This increase was largely driven by reports of losses over $100,000, often to investment scams, romance scams, or impersonations.

In 2024, older adults reported losing far more money to investment scams than to any other fraud type, often reporting that the scammers targeted them on social media. In fact, consumers of all ages report social media as the most common method of contact for investment scams.



Apple can cut down on social media initiated financial scams by banning all social media apps.
 
I also finally went from iPadOS 18 to 26 for the same reason, but I have the same thoughts as you.
 