If you’ve been putting off an update to iOS 26, now might be the time to do it. On Wednesday, security researchers revealed findings on a new hacking tool that targets iPhones running iOS 18.4 to 18.6.2, as reported earlier by Wired. The “DarkSword” exploit allows bad actors to scoop up the personal data on iPhones that visit malicious links, and has already been used by Russian hackers.
The Google Threat Intelligence Group worked with the cybersecurity firms Lookout and iVerify to analyze the attack, which could affect up to 270 million devices still running the impacted versions of iOS 18. When a user accesses a compromised website, Google says DarkSword uses “six completely different vulnerabilities” to carry out an attack targeting Safari, giving bad actors the ability to collect text messages, contacts, saved credentials, iCloud information, photos, cryptocurrency wallets, call logs, location history, and more.
Google says it reported the vulnerability to Apple in late 2025. In an emailed statement to The Verge, Apple spokesperson Sarah O’Rourke confirmed that Apple had patched all “underlying vulnerabilities” in iOS last year before issuing an “emergency software update last week for older devices that were unable to update to more recent versions of iOS.”
DarkSword uses a “hit-and-run” design that allows attackers to “extract high-value data and disappear before conventional detection strategies can respond,” according to Lookout. Google says suspected Russian state-sponsored hackers used DarkSword to target users in Ukraine, Saudi Arabia, Malaysia, and Turkey. These hackers were also found using an iOS exploit kit called Coruna, which Google highlighted in a report earlier this month. iVerify notes that the Russia-linked hackers left the DarkSword code “unobfuscated, unprotected and easily accessible,” making it easy for other bad actors to access and potentially redeploy.
Google, Lookout, and iVerify found that the attack doesn’t affect users in Lockdown Mode, an “extreme” security feature for the iPhone that protects journalists, activists, and politicians from targeted attacks. Apple and Google have also blocked the malicious links used in DarkSword attacks in Safari and Chrome.
“Keeping software up to date remains the single most important thing users can do to maintain the high security of their Apple devices as these updates include the latest security fixes and protections,” O’Rourke says.

