Security researchers from Google, along with the firms Lookout and iVerify, have disclosed a new iPhone vulnerability that could compromise numerous devices simply by having them load a malicious webpage. Dubbed DarkSword, the exploit targets multiple versions of iOS 18, potentially affecting nearly 25% of all iPhones, as reported by Wired.

DarkSword is fileless malware that uses a series of vulnerabilities to extract confidential information whenever an iPhone loads a compromised site. Unlike traditional spyware, which lingers on the device after stealing communications and personal files, it hijacks standard iOS functions to steal data, according to Wired. Compounding the issue, it erases all traces of its activity once the data extraction is complete.

The intrusion begins when a malicious iframe within a webpage is loaded on an iOS device. The malware then moves through the device to collect critical details such as login credentials before erasing itself. DarkSword can steal messages and iCloud data and is notably tailored to target cryptocurrency storage, which suggests it was deployed by specific actors before it became publicly available, per Lookout.

Reports indicate that DarkSword has been used in regions including Ukraine, Saudi Arabia, Malaysia, Turkey, and Russia, with possible links to an earlier exploit suite named Coruna, which TechCrunch suggests was developed for the U.S. government by Trenchant. Although its origins are uncertain, the toolkit became widely accessible after Russian operators inadvertently posted its full source code online, complete with English annotations that label each element and name the tool DarkSword, as noted by Wired.

Apple addressed the flaws exploited by DarkSword and Coruna through updates in iOS 26, the 2025 annual OS release that succeeded iOS 18. However, adoption of the newest version remains incomplete. DarkSword targets iOS 18 builds from 18.4 up to 18.6.2, and Apple's recent developer analytics show that about 24% of iOS devices still run iOS 18. Exact exposure numbers are unclear without a further breakdown, but in general, updating eligible devices promptly is essential for staying protected.