

China’s Ministry of Industry and Information Technology has issued an urgent warning for Apple users, saying attackers are exploiting serious flaws in iPhones and iPads running older versions of iOS. The scare spread quickly across Chinese social media, with headlines suggesting that simply opening a malicious webpage in Safari could allow hackers to steal personal data, plant malware, and take control of the device. So how worried should ordinary users be, and what should you actually do right now?
What The Warning Actually Says
According to the official alert cited by Chinese cybersecurity channels, the affected range includes Apple devices running iOS 13.0 through 17.2.1, as well as related iPad versions. Attackers reportedly use poisoned links sent by SMS, email, or compromised webpages to lure victims into opening malicious content through Safari. Once triggered, the exploit chain can lead to information theft, remote control, and full system compromise.
In plain English, this is not about someone guessing your password. It is about carefully crafted webpages that abuse multiple software flaws at once. If enough pieces line up, the attacker can jump from the browser into deeper parts of the system and gain extremely high privileges.

Meet DarkSword, The Name Behind The Panic
The exploit tool that has drawn the most attention is called DarkSword. Security researchers describe it as one of the most advanced full-chain iPhone attack kits seen so far. Rather than relying on one bug, it strings together a series of vulnerabilities in WebKit, browser components, system libraries, and the iPhone kernel itself. That lets it move from a malicious webpage to code execution, sandbox escape, privilege escalation, and finally data theft.
Researchers say DarkSword is linked to highly targeted operations, not random mass consumer attacks. Reports have tied parts of the infrastructure to campaigns involving government or media targets in places like Ukraine, Turkey, Malaysia, and Saudi Arabia. That context matters. It means the threat is very real, but it does not mean every ordinary iPhone user is about to be hacked the moment they open Safari.
“This is a serious warning, but not a reason to panic. For most users, the biggest risk is staying on old software and clicking sketchy links.”
Why Older iPhones Are In The Spotlight
One reason the story exploded on Zhihu is that Apple has already been pushing security updates across a surprisingly wide range of older devices. Users reported seeing fresh patches even on aging hardware like the iPad mini 4 and iPad Air 2. Apple’s iOS 15.8.7 and iPadOS 15.8.7 updates specifically backported fixes for flaws connected to the earlier Coruna exploit chain, including kernel and WebKit bugs that could allow arbitrary code execution.
That tells us two things. First, Apple clearly considers these vulnerabilities important enough to patch on devices that can no longer move to the newest major system. Second, if your device is old and you have been ignoring update prompts, this is exactly the moment to stop doing that.

So Is Every iPhone Vulnerable?
Not exactly. The most alarming official language in China focused on iOS 13 through 17.2.1, which are older versions that may still be running on many devices. Separate security research around DarkSword and Coruna shows that later iOS branches were also targeted at different times, but Apple has already released patches for those issues in newer versions. In other words, the real dividing line is not “iPhone versus Android” or “Apple is unsafe.” The dividing line is patched versus unpatched.
If your iPhone is fully updated, your risk drops sharply against known attacks. If you are still sitting on an old build because you turned updates off, blocked major upgrades, or worried that a newer version might slow your phone down, you are the kind of user this warning is aimed at.
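For anyone looking after more than one device, the patched-versus-unpatched line can be checked against an inventory list. The sketch below is an added example, not part of the original article: the CSV columns and device names are constructed, and the version boundaries (13.0 through 17.2.1, and the 15.8.7 backport) are the ones quoted on this page.

```python
import csv
import io
import re

# Boundaries as quoted on this page (MIIT alert range and Apple's 15.x backport).
WARNED_MIN = (13, 0, 0)
WARNED_MAX = (17, 2, 1)
BACKPORT_15 = (15, 8, 7)

# Constructed sample inventory; the column names are an assumption.
SAMPLE_INVENTORY = """device,os_version
iphone-finance-01,iOS 17.2.1
ipad-mini4-lobby,iPadOS 15.8.3
ipad-air2-kiosk,iPadOS 15.8.7
iphone-exec-02,17.4
iphone-old-03,iOS 12.5.7
iphone-test-04,unknown
"""

_VERSION_RE = re.compile(r"^(?:iOS|iPadOS)?\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?$", re.I)

def parse_version(text):
    """Return (major, minor, patch), or None if the string is not a version."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    # Missing components ("17.4") are treated as zero so tuples compare cleanly.
    return tuple(int(p) if p else 0 for p in m.groups())

def classify(version):
    if version is None:
        return "unparseable"                 # needs a manual look
    if version < WARNED_MIN:
        return "older-than-warned-range"     # not named by the alert; review manually
    if version > WARNED_MAX:
        return "newer-than-warned-range"
    if version[0] == 15 and version >= BACKPORT_15:
        # Inside the numeric range, but on the backported update the page names.
        return "warned-range-has-15.8.7-backport"
    return "warned-range"                    # update first

def triage(csv_text):
    """Map each device name to its classification."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["device"]: classify(parse_version(r["os_version"])) for r in rows}

if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device:20} {status}")
```

Devices reported as `warned-range` are the ones to update first; `unparseable` and `older-than-warned-range` entries need a manual look rather than an assumption either way.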
How The Attack Works In Real Life
The typical setup is simple. A victim receives a link by text message or email, or lands on a legitimate site that has been compromised. That page quietly loads malicious content, often through an embedded frame. Safari processes the page, the exploit chain begins, and the attacker tries to push from web content into the system. Some researchers describe this as a “one click” attack because the victim may only need to open the page.
Once successful, the malware payload can reportedly grab messages, contacts, call logs, notes, browsing data, photo metadata, Wi-Fi details, credentials, and other sensitive information. Some payloads appear designed for quick smash-and-grab theft, while others may support deeper surveillance.

What You Should Actually Do Today
First, update your iPhone or iPad immediately. If your device supports the latest major version, install it. If it does not, install the newest security update available for your older branch. Apple has been patching vulnerable pathways across both newer and legacy devices, so even an old iPhone may still have a protective update waiting.
Second, stop clicking unfamiliar links in SMS and email, especially if they pressure you to log in, verify an account, or open a document in Safari. This sounds basic, but it remains the front door for many real-world attacks.
Third, if you are a journalist, activist, executive, government worker, or anyone else likely to be individually targeted, consider enabling Lockdown Mode in Apple’s security settings. It reduces some functionality, but it is specifically designed for users facing sophisticated spyware-style threats.
Finally, do not install weird configuration profiles just to block updates or stay on an older iOS version. That habit may make sense to jailbreak enthusiasts, but for normal users it often creates more security risk than benefit.
The Bigger China Angle
The MIIT warning is also a reminder that smartphone security is no longer just a tech support issue. In China, once a notice rises to this level, it means the problem is being framed as part of a broader national cybersecurity concern. That does not necessarily mean millions of ordinary users have already been hit. It means the threat is serious enough, and the affected user base large enough, that regulators want people to stop ignoring update prompts.
For expats in China, the practical takeaway is simple. If you use an iPhone for banking, WeChat, work logins, travel bookings, or anything sensitive, treating system updates as optional is no longer smart. The good news is that the fix is also simple. Patch the phone, be careful with links, and move on.
Curated and translated from Zhihu, China's largest Q&A platform.


