my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Your Old iPhone Is Under Active Attack. Update It Today.

John Z Black Mar 13, 2026 Consumer Security #apple #ios #webkit #coruna #patch #mobile-security #active-exploitation

Your Old iPhone Is Under Active Attack

Apple just pushed an emergency security update for older iPhones and iPads, patching Coruna WebKit vulnerabilities that are already being actively exploited in the wild.

Got an older device you haven’t updated? Go to Settings > General > Software Update right now. Install whatever’s available. Then come back and read this.

What’s a WebKit Vulnerability?

WebKit is the browser engine under Safari and, on iOS, under every other browser app too. A WebKit vulnerability being actively exploited means visiting a malicious website can be enough to compromise your device. No app to download. No suspicious link to deliberately click. Just navigating to a page.

The Coruna vulnerabilities specifically let attackers execute code on your device through this browser-level path. They can potentially take control, access your data, install software, or monitor what you do.

CISA added these Apple iOS CVEs to its Known Exploited Vulnerabilities catalog. That catalog is specifically for vulnerabilities being used in real attacks right now. Not theoretical. Not lab-only. Happening.

Why Older Devices Specifically

Apple patches the latest OS first, then follows up with targeted updates for older hardware that can’t run the current release. This update targets that second group. And there are a lot of them.

People keep iPhones for years. It’s common to have devices running older iOS versions because they still work fine. From a security perspective, those are a massive exposure if they’re not getting patches. And a specific target if attackers are looking for an underpatched population.

Who’s Using These Exploits?

WebKit vulnerabilities have historically been a favored tool for state-sponsored spyware operators. The Pegasus spyware repeatedly used Apple WebKit flaws to compromise devices belonging to journalists, activists, and government officials. That doesn’t mean everyone is a spyware target. But the attack class is well-understood and well-funded.

When Apple issues an emergency update for legacy hardware, they’ve seen enough evidence that the risk is broad.

What to Do

Update your device. Check the older phones and iPads in your household and office. Family members with old iPads. Phones that “just work” and haven’t been updated in months.

And don’t dismiss the update because the device is old. An older iPhone still has your email, banking apps, contacts, and location history. The value to an attacker doesn’t depend on how new the hardware is.

Apple is telling you this is actively being exploited. Take it seriously.

Read the full story at gNerdSEC