Overview of DarkSword Hacking Tool

Recent findings have unveiled a new hacking technique that endangers a substantial number of iPhone users, particularly those operating on iOS 18. This tool, dubbed 'DarkSword,' specifically targets iOS versions between 18.4 and 18.6.2, allowing attackers to access sensitive information simply by directing users to a compromised webpage.

Apple's Response and User Protection

In light of this threat, an Apple representative confirmed that the company had addressed the essential vulnerabilities in iOS versions 15 through 26 last year. An emergency update was also released for devices still running iOS 15 and 16, which are unable to upgrade to newer versions. For those using older systems like iOS 13 or 14, an upgrade to at least iOS 15 is necessary to ensure security against threats like DarkSword.

Apple has made recommendations available to users for enhancing their security, reiterating that updates have been consistently provided to combat this particular vulnerability. The company also pointed out that the URLs associated with the threat, as reported in a security blog, are blocked by its Safe Browsing features in Safari.

Understanding the DarkSword Hack

DarkSword is categorized as a 'fileless' hacking method, which means it exploits a series of vulnerabilities to extract sensitive data without installing traditional spyware on the device. According to security experts, this approach enables the hacker to hijack legitimate processes within the iPhone's operating system to access private information. Troublingly, DarkSword is designed to erase all traces of its activity after it completes its data theft.

The attack commences when an iOS device encounters a malicious iframe embedded in a web page. Once activated, DarkSword systematically collects sensitive data, including passwords, messages, and iCloud information, before self-deleting. Notably, the hack is capable of targeting cryptocurrency wallets, raising concerns about potential financial theft.

Geographical Spread and Origins

Reports indicate that DarkSword has been utilized in various countries, including Ukraine, Saudi Arabia, Malaysia, Turkey, and Russia. Investigations suggest that its origins might be linked to a different hacking toolkit known as Coruna, which is believed to have been developed for the U.S. government by a company called Trenchant. The widespread availability of DarkSword only became apparent when Russian users left its source code on a public website, complete with detailed explanations and the tool's name.

Current Status and Recommendations

In response to the vulnerabilities exploited by DarkSword and Coruna, Apple has recently patched these in updates leading to iOS 26, which was released in September 2025. Despite the release of these updates, approximately 24 percent of iOS devices are still running some version of iOS 18, indicating that many users remain exposed to this threat. However, Apple has also rolled out iOS 18.7 alongside iOS 26, ensuring that even those reluctant to upgrade have access to crucial security patches.

To mitigate risks, it is essential for users to stay informed about software updates and proactively install them, not only for new features but primarily for enhanced security. Keeping devices updated is a critical step in safeguarding sensitive information from emerging threats.

Updates and Further Information

Update, March 19, 2026, 11:19 AM ET: This article has been updated with further details from Apple regarding the proactive patches applied to various iOS versions to address this vulnerability.

Update, March 19, 2026, 10:10 AM ET: This article has been revised to clarify that while the DarkSword vulnerability specifically targets iOS 18, recent updates have been made available to secure these versions against such attacks.

Source: Engadget News