PSA: Hackers can raid iOS 18 with an infected link: iOS Security
A potent new hacking tool, "DarkSword," has been found targeting iPhones running iOS 18.4-18.6.2, enabling suspected Russian hackers to steal extensive personal data via malicious links. Discovered by Google, Lookout, and iVerify, the exploit could impact 270 million devices. Apple has patched the vulnerabilities, urging users to update immediately.

A potent new hacking tool dubbed “DarkSword” has been discovered, capable of siphoning vast amounts of personal data from iPhones running specific versions of iOS 18. Security researchers found that this sophisticated exploit, already deployed by suspected Russian state-sponsored hackers, targets users who visit malicious links, underscoring the critical need for immediate software updates for millions of devices.
The exploit primarily affects iPhones operating on iOS versions 18.4 to 18.6.2. When a user follows a link to a compromised website, DarkSword leverages what Google describes as "six different vulnerabilities" within Safari to initiate an attack. This "hit-and-run" methodology allows attackers to rapidly extract high-value information and vanish before traditional security measures can respond.
Among the sensitive data that can be collected are text messages, contacts, saved credentials, iCloud files, personal photos, cryptocurrency wallet details, call logs, and even location history. The broad scope of data compromised makes DarkSword a particularly alarming threat. Up to 270 million devices still running these impacted versions of iOS 18 could potentially be at risk, highlighting the widespread implications of the discovery.
The Discovery and Scope of DarkSword
The Google Threat Intelligence Group, in collaboration with cybersecurity firms Lookout and iVerify, spearheaded the analysis of the DarkSword attack. Their findings, first reported by Wired, shed light on the sophisticated nature of the exploit and its potential reach. The researchers noted that the Russian-linked hackers left the DarkSword code "unobfuscated, unprotected and easily accessible," raising concerns that other malicious actors could easily repurpose and redeploy it.
Suspected Russian state-sponsored hackers have been identified as the primary users of DarkSword, targeting individuals in Ukraine, Saudi Arabia, Malaysia, and Turkey. These same hacking groups were also observed utilizing another iOS exploit kit named Coruna, which Google highlighted in a separate report earlier this month, indicating a concerted effort to compromise Apple devices.
Apple's Swift Response and User Protections
Google reported the underlying vulnerabilities to Apple in late 2025. In response, Apple spokesperson Sarah O’Rourke confirmed in a statement to The Verge that Apple had already patched all "underlying vulnerabilities" in iOS last year. Furthermore, Apple issued an "emergency software update last week for older devices that were unable to update to more recent versions of iOS," demonstrating a proactive approach to mitigating the threat.
For users seeking heightened protection, the research indicates that DarkSword attacks do not impact iPhones operating in Lockdown Mode. This "extreme" security feature is specifically designed to safeguard journalists, activists, and politicians from highly targeted cyberattacks, offering an additional layer of defense against sophisticated exploits. Both Apple and Google have also taken steps to block the malicious links associated with DarkSword attacks in their respective Safari and Chrome browsers, preventing users from inadvertently accessing compromised sites.
Apple continues to emphasize the paramount importance of keeping devices updated. "Keeping software up to date remains the single most important thing users can do to maintain the high security of their Apple devices as these updates include the latest security fixes and protections," O’Rourke reiterated. This advice is particularly pertinent given the ongoing evolution of cyber threats like DarkSword.
Lingering Threats and Future Vigilance
The revelation of DarkSword serves as a stark reminder of the persistent and evolving threat landscape facing mobile users. While Apple has moved swiftly to patch the vulnerabilities, the exploit's ease of access for other bad actors, coupled with millions of potentially un-updated devices, means the threat could linger for those who delay essential software updates. Vigilance and proactive updating are critical to safeguarding personal data in the face of such sophisticated cyberattacks.
FAQ
Q: What is DarkSword and how does it affect iPhones?
A: DarkSword is a newly discovered hacking tool that targets iPhones running specific versions of iOS 18 (18.4 to 18.6.2). It exploits multiple vulnerabilities in Safari to steal extensive personal data—including text messages, contacts, photos, crypto wallet details, and location history—from devices that visit malicious links.
Q: How can I protect my iPhone from exploits like DarkSword?
A: The most crucial step is to keep your iOS software updated to the latest version, as these updates contain vital security fixes and protections. Additionally, Apple's "Lockdown Mode" offers an extreme layer of security for high-risk users, and both Apple and Google have blocked the malicious links used in DarkSword attacks in their browsers.
Q: Have the vulnerabilities exploited by DarkSword been fixed?
A: Yes, Apple confirmed that it patched all underlying vulnerabilities in iOS last year. An emergency software update was also issued last week for older devices that could not update to more recent iOS versions. However, iPhones still running the vulnerable iOS 18.4 to 18.6.2 versions without these patches remain at risk.