DarkSword: A New Threat to iPhone Users
A recently discovered hacking technique, dubbed "DarkSword," poses a significant risk to iPhone users who have not updated their devices to the latest iOS versions. The hack, identified by Google alongside cybersecurity firms Lookout and iVerify, can compromise an iPhone simply by visiting an infected web page. The tool currently targets iOS 18 releases from version 18.4 up to 18.6.2.
DarkSword is classified as a "fileless" hack, meaning it does not install persistent spyware on the device. Instead, it exploits legitimate iOS processes to steal data and then removes all traces of its activity. The attack begins when an iPhone encounters a malicious iframe embedded in a website. From there, the tool works its way through the device, gathering sensitive information such as passwords, messages, iCloud content, and specifically targeting cryptocurrency wallets.
Apple's Response and Patches
Apple has confirmed that it patched the underlying vulnerabilities exploited by DarkSword in iOS versions 15 through 26 last year. Additionally, the company issued emergency updates for devices running iOS 15 and 16 that cannot upgrade to newer versions. However, users still on iOS 13 or iOS 14 must update to at least iOS 15 to be protected. Those operating systems were released in 2019 and 2020, respectively.
On September 15, 2025, Apple simultaneously released iOS 26 and iOS 18.7. This means that even users who chose not to upgrade to iOS 26 received patches to mitigate the DarkSword vulnerability. Apple also clarified that the Safe Browsing features in Safari block the malicious URLs identified in Google's security blog. According to Apple's latest developer statistics, approximately 24% of iOS devices are still running some version of iOS 18, though the number of potentially vulnerable phones is lower because many have updated within that family.
Geographic Spread and Origins
DarkSword has reportedly been used in Ukraine, Saudi Arabia, Malaysia, Turkey, and Russia. Its origins may be linked to a different hacking toolkit called Coruna, which was reportedly created for the US government by a company named Trenchant. The tool did not become widely available until its source code was left on a website by Russian users, complete with explanatory comments in English describing each component and including the name "DarkSword."
Recommendations for iPhone Users
To protect against DarkSword and similar threats, users should ensure their devices are updated to at least iOS 18.7 or iOS 26. Apple advises keeping software current for security reasons, as patches are regularly released to address newly discovered vulnerabilities. Users can check for updates by going to Settings > General > Software Update. It is also important to avoid visiting suspicious websites and to enable Safari's fraud warnings and Safe Browsing features.
The discovery of DarkSword serves as a reminder that even with strong built-in security, iPhones are not immune to sophisticated attacks. Staying on top of software updates and practicing safe browsing habits remain the best defenses against fileless hacks and other emerging threats.
Source: Engadget News