Apple Now Sending Critical Security Alerts to iPhones Running iOS 17 and Earlier

Apple has started sending system-level Lock Screen warnings to some iPhones and iPads running older versions of iOS and iPadOS, alerting users that they may be exposed to active, real-world web-based attacks.

These alerts are part of Apple’s security notification system, which is used when the company detects that a user may be individually targeted by sophisticated spyware or exploit activity, often involving malicious web content or zero-day vulnerabilities.

In these warnings, Apple typically urges users to:

  • Update to the latest available iOS/iPadOS version immediately

  • Enable stronger protections such as Lockdown Mode (for high-risk users)

  • Avoid interacting with suspicious links or web content

The timing matters here: older iOS versions often lack the latest security patches, which means known vulnerabilities can remain exploitable until the device is updated.

Apple has used similar notifications in the past as part of its broader “threat intelligence” approach, where it proactively warns users it believes may be targeted by advanced spyware campaigns, rather than waiting for widespread infection.

In effect, Apple is using its security alert system at a broader scale than usual, targeting users on older, vulnerable iOS builds.

Here’s the key takeaway in plain terms:

What these alerts mean

Apple is warning some users that:

  • Their device is running out-of-date iOS software

  • There is active exploitation in the wild (not just theoretical bugs)

  • Attackers are using malicious websites or links to try to compromise devices

The notification labeled as “Critical Software” is designed to stand out because Apple treats this as a high-severity risk, similar to its known threat notifications used in targeted spyware campaigns.


Why older versions are being flagged

The mention of exploit kits like “Coruna” and “DarkSword” (as reported) suggests attackers are actively chaining known vulnerabilities across multiple iOS generations, including:

  • iOS 13 → iOS 17.2.1 (and possibly earlier unpatched variants)

That matters because even a single outdated component (like WebKit or image parsing) can be enough for a “drive-by” compromise if a user visits a malicious page.


What Apple is doing in response

Apple has been addressing these issues through security-only updates for older iOS branches, such as:

  • iOS 15.8.7

  • iOS 16.7.15

These don’t add features—they patch known security holes that are still being actively exploited.

At the same time:

  • Devices on iOS 15 or newer that have the patches installed are considered protected

  • Users of older, unsupported devices are encouraged to upgrade to the highest supported iOS version


Why you might be seeing this now

The interesting part is that Apple is reportedly showing these warnings even on:

  • iOS 17.0 devices (which are not extremely old)

That suggests either:

  • A new wave of active exploitation, or

  • Apple tightening thresholds for “high-risk outdated” classification


What users should actually do

The guidance is simple but important:

  • Update iOS immediately (Settings → General → Software Update)

  • If stuck on older hardware, install the latest supported security update

  • Enable Lockdown Mode if you’re in a high-risk category (journalists, activists, etc.)


Bottom line

This isn’t a general “your phone is old” warning—it’s Apple reacting to real, ongoing web-based attack activity targeting unpatched devices, and pushing users to close the security gap quickly.
