Recent reports have unveiled a significant cybersecurity threat targeting iPhone users running iOS 18. The hacking tool, known as DarkSword, exploits vulnerabilities in iOS versions 18.4 to 18.6.2, putting a large number of users at risk simply by visiting compromised websites.

According to cybersecurity experts, DarkSword is a fileless hack that utilizes a series of vulnerabilities to access sensitive data on iPhones. Unlike traditional spyware that remains on a device after data theft, fileless hacks like DarkSword operate by hijacking legitimate processes within the iPhone’s operating system, allowing them to extract information without leaving traces. Once the data is stolen, DarkSword deletes any evidence of its activity.

In response to this alarming threat, Apple representatives confirmed that they had patched many of the vulnerabilities exploited by DarkSword in updates released for iOS versions 15 through 26 last year. They also issued emergency updates for devices using iOS 15 and 16 that cannot upgrade to newer versions. It is important for users on older systems, such as iOS 13 and 14, to upgrade to at least iOS 15 to ensure their protection.

Apple has provided guidance on how users can protect themselves from this threat. The company emphasizes that updates have been available for all users, even those not on iOS 26, to help guard against DarkSword. Additionally, Apple’s Safe Browsing features in Safari can block the malicious URLs identified in security advisories.

DarkSword initiates its attack when an iPhone encounters a malicious iframe embedded in a webpage. It then systematically gathers sensitive information, including passwords, text messages, and iCloud data, targeting specific assets like cryptocurrency wallets, which raises concerns about the hack's potential use in cybercrime.

This hacking tool has reportedly been utilized in various regions, including Ukraine, Saudi Arabia, Malaysia, Turkey, and Russia. Investigations suggest that DarkSword may have connections to another hacking toolkit known as Coruna, which some reports indicate was developed for the U.S. government by a firm named Trenchant. The tool became more widely accessible after its source code was unintentionally published online by Russian users, complete with comments explaining its functionality.

In light of these developments, Apple has released updates for both iOS 26 and iOS 18.7 as of September 15, 2025. While approximately 24 percent of iPhone users are still operating on some version of iOS 18, the actual number of vulnerable devices may be less due to the availability of security patches for earlier versions. Nevertheless, this situation serves as a reminder of the importance of keeping software up to date for security reasons.

Update, March 19, 2026, 11:19 AM ET: The article has been revised to include information from Apple regarding proactive patches for vulnerable iOS versions.

Update, March 19, 2026, 10:10 AM ET: The article has been updated to clarify that although DarkSword specifically targets iOS 18, Apple has released secure updates for iOS 18 in the past six months.

If you purchase something through a link in this article, we may earn a commission.

Source: Engadget News