Back to Home

Lockdown Mode iOS: protection from Coruna DarkSword

Lockdown Mode in iOS has proven invulnerability to Coruna and DarkSword exploits after their leak. The mode minimizes the attack surface by blocking complex technologies. Recommendations for developers on compatibility and testing.

iOS Lockdown Mode is invulnerable to Coruna and DarkSword
Advertisement 728x90

# Lockdown Mode in iOS: Full Protection Against Coruna and DarkSword Exploits

Apple has confirmed no successful compromises of devices with Lockdown Mode enabled, even after the leak of the Coruna and DarkSword exploit kits. These tools, targeting iOS 13–17.2.1 and 18.4–18.7, contain exploits for 23 vulnerabilities but automatically stop working upon detecting lockdown mode. Researchers from Citizen Lab have documented blocks of Pegasus and Predator attacks in real-world scenarios.

The mode, introduced in 2022, minimizes the attack surface: it disables complex web technologies, blocks attachments in messages, link previews, and incoming FaceTime calls from unknown contacts. This provides an extreme level of protection against targeted attacks without affecting basic functionality.

Exploit Blocking Mechanism

Coruna and DarkSword are commercial kits for zero-click exploit chains. Coruna scans the device and stops if Lockdown Mode is active, just like DarkSword. The source code leak has democratized access to them, turning the threat into a mass issue for outdated iOS versions.

Google AdInline article slot

Experts highlight two classes of devices:

  • New models on iOS 26 with Memory Integrity Enforcement.
  • Older iPhones on iOS 17 and below, vulnerable without updates.

Apple has released patches for unsupported devices and notifications for iOS 17 users. Recommendation: enable Lockdown Mode as an interim measure.

Functional Limitations of the Mode

When activated, strict rules apply:

Google AdInline article slot
  • Blocking most attachments in iMessage and Mail.
  • Disabling JIT compilation in Safari (except basic HTML/CSS).
  • Prohibiting incoming FaceTime calls from non-contacts.
  • Restricting web content: no WebRTC, complex fonts, audio/video.
  • Blocking configuration profiles and wired connections to hosts.

This reduces the attack surface by 70–90% according to Citizen Lab estimates, without affecting core functions like calls, SMS, and basic browsing.

Recommendations for Mid-Level/Senior Developers

When developing apps, account for Lockdown Mode:

  • Test without JIT and WebGL — use fallbacks for Canvas 2D.
  • Avoid complex attachments; offer downloads after confirmation.
  • For enterprise: check MDM compatibility, as profiles are blocked.
  • In security analysis, model reduced surface: focus on kernel exploits, no userland.
  • Monitor the iOS Security Guide for hardening updates.

Key Points

  • Lockdown Mode has blocked all known Pegasus/Predator/Corona/DarkSword attacks.
  • Automatic exploit shutdown upon mode detection.
  • Two security classes: iOS 26 vs. legacy.
  • Limitations: no JIT, no WebRTC, blocked attachments.
  • Enable via Settings > Privacy & Security > Lockdown Mode.

— Editorial Team

Google AdInline article slot
Advertisement 728x90

Read Next