For years, the prevailing wisdom in cybersecurity was that the iPhone was a digital fortress. Breaking into iOS was thought to be so expensive and resource-intensive that only nation-states could afford to target high-value individuals. However, the emergence of two hacking kits, Coruna and DarkSword, has shattered this narrative, revealing that millions of users are now at risk of near-indiscriminate attacks.
A New Era of Widespread Attacks
Recent investigations by researchers at Google, iVerify, and Lookout have uncovered broad hacking campaigns. Unlike the surgical strikes of the past, these operations—linked to Russian intelligence and Chinese cybercriminals—use compromised websites and fraudulent pages to target any visitor running outdated software.
The danger has escalated because these tools have leaked online. This leak allows lower-level cybercriminals to repurpose sophisticated code, once reserved for spies, to launch their own attacks against the general public.
The iOS Security Divide
Apple has not been idle. With the release of iOS 26 and the iPhone 17, the company introduced Memory Integrity Enforcement. This feature is designed to neutralize memory corruption bugs—the exact vulnerabilities that the DarkSword kit relies on. Apple also continues to promote Lockdown Mode for those at extreme risk.
However, this has created a two-tier security landscape:
- The Protected Class: Users on the latest hardware and software who benefit from memory-safe code.
- The Vulnerable Class: Users on older devices or software like iOS 18, who remain susceptible to exploits that are now publicly available.
The Business of “Second-Hand” Exploits
The myth that iPhone hacks are “highly advanced” is also being challenged. Security expert Patrick Wardle notes that these tools are simply the “baseline capability” for modern states.
Furthermore, a thriving second-hand exploit market has emerged. Researchers at Lookout explain that developers now have a financial incentive to sell an exploit twice: first to a primary client, and then to a broader secondary market once the flaw is patched but before the general population has updated their devices. This ensures that even “fixed” vulnerabilities continue to plague users who lag behind on their software updates.
