# Lockdown Mode in iOS: Full Protection Against Coruna and DarkSword Exploits
Apple has confirmed no successful compromises of devices with Lockdown Mode enabled, even after the leak of the Coruna and DarkSword exploit kits. These tools, targeting iOS 13–17.2.1 and 18.4–18.7, contain exploits for 23 vulnerabilities but automatically stop working upon detecting lockdown mode. Researchers from Citizen Lab have documented blocks of Pegasus and Predator attacks in real-world scenarios.
The mode, introduced in 2022, minimizes the attack surface: it disables complex web technologies, blocks attachments in messages, link previews, and incoming FaceTime calls from unknown contacts. This provides an extreme level of protection against targeted attacks without affecting basic functionality.
Exploit Blocking Mechanism
Coruna and DarkSword are commercial kits for zero-click exploit chains. Coruna scans the device and stops if Lockdown Mode is active, just like DarkSword. The source code leak has democratized access to them, turning the threat into a mass issue for outdated iOS versions.
Experts highlight two classes of devices:
- New models on iOS 26 with Memory Integrity Enforcement.
- Older iPhones on iOS 17 and below, vulnerable without updates.
Apple has released patches for unsupported devices and notifications for iOS 17 users. Recommendation: enable Lockdown Mode as an interim measure.
Functional Limitations of the Mode
When activated, strict rules apply:
- Blocking most attachments in iMessage and Mail.
- Disabling JIT compilation in Safari (except basic HTML/CSS).
- Prohibiting incoming FaceTime calls from non-contacts.
- Restricting web content: no WebRTC, complex fonts, audio/video.
- Blocking configuration profiles and wired connections to hosts.
This reduces the attack surface by 70–90% according to Citizen Lab estimates, without affecting core functions like calls, SMS, and basic browsing.
Recommendations for Mid-Level/Senior Developers
When developing apps, account for Lockdown Mode:
- Test without JIT and WebGL — use fallbacks for Canvas 2D.
- Avoid complex attachments; offer downloads after confirmation.
- For enterprise: check MDM compatibility, as profiles are blocked.
- In security analysis, model reduced surface: focus on kernel exploits, no userland.
- Monitor the iOS Security Guide for hardening updates.
Key Points
- Lockdown Mode has blocked all known Pegasus/Predator/Corona/DarkSword attacks.
- Automatic exploit shutdown upon mode detection.
- Two security classes: iOS 26 vs. legacy.
- Limitations: no JIT, no WebRTC, blocked attachments.
- Enable via Settings > Privacy & Security > Lockdown Mode.
— Editorial Team
No comments yet.