Introduction
A recently identified hacking tool, known as 'DarkSword', poses significant risks to iPhone users operating on iOS 18, particularly versions 18.4 to 18.6.2. This tool exploits vulnerabilities that can be triggered merely by visiting compromised web pages, leading to potential data theft.
Details of the Threat
Cybersecurity experts have outlined how DarkSword operates as a 'fileless' hack. This means that it does not install traditional spyware on the device; instead, it manipulates legitimate processes within the iOS operating system to access sensitive information. Once the hacking sequence is initiated by encountering a malicious iframe embedded in a webpage, DarkSword collects data, including passwords and messages, before erasing all traces of its activity.
Apple's Response
In response to the emergence of DarkSword, Apple has taken proactive steps to address the vulnerabilities exploited by this hack. An Apple spokesperson confirmed that the company patched the relevant security flaws in iOS versions 15 through 26 last year. Furthermore, emergency updates were rolled out for devices still running iOS 15 and 16, which cannot be upgraded to newer versions.
While users on iOS 13 or 14 must upgrade to at least iOS 15 to benefit from these protections, Apple encourages all users to keep their devices updated for optimal security. Notably, Apple's Safe Browsing features in Safari automatically block URLs associated with the DarkSword threat, providing an additional layer of defense.
Impact and Usage
DarkSword has reportedly been utilized in various regions, including Ukraine, Saudi Arabia, Malaysia, Turkey, and Russia. Its origins may be linked to another hacking toolkit named Coruna, which is believed to have been developed for the U.S. government by a company called Trenchant. The tool became widely accessible after Russian developers inadvertently published its source code online, complete with detailed descriptions of its components.
Current Situation
Despite the release of iOS 26 and iOS 18.7 on September 15, 2025, which included patches for the vulnerabilities exploited by DarkSword, approximately 24% of iPhone users remain on some version of iOS 18. Although not all of these users are at risk, the situation reminds everyone of the importance of maintaining up-to-date software to mitigate potential security threats.
Conclusion
As the landscape of cybersecurity continues to evolve, it is crucial for iPhone users to be vigilant about software updates. While Apple has made strides in patching known vulnerabilities, the threat of tools like DarkSword underscores the ongoing need for users to remain informed and proactive about their device security.
Update, March 19, 2026, 11:19AM ET: Details regarding Apple’s proactive measures to address this vulnerability have been included in this article.
Update, March 19, 2026, 10:10AM ET: Information has been added to clarify that while this vulnerability targets iOS 18, Apple has provided secure updates for these versions over the past six months.
Source: Engadget News