Security researchers have uncovered a concerning new hacking tool named DarkSword that specifically targets iPhones running iOS versions 18.4 to 18.6.2. As detailed by Wired, the exploit enables malicious actors to retrieve sensitive personal data from devices through infected links.
The Google Threat Intelligence Group, in collaboration with cybersecurity firms Lookout and iVerify, conducted a detailed analysis of the DarkSword attack. The exploit leverages six distinct vulnerabilities to launch attacks through the Safari browser, allowing bad actors to access various critical data such as text messages, contacts, credentials, iCloud files, photos, cryptocurrency wallets, call logs, and location history.
While the vulnerability was reported to Apple by Google in late 2025, Apple has since addressed the issue by patching the underlying vulnerabilities in iOS and releasing an emergency software update for older devices that could not upgrade to newer iOS versions. The exploit’s design, characterized as a ‘hit-and-run’ tactic by Lookout, enables rapid data extraction before conventional detection mechanisms can respond effectively.
Notably, suspected Russian state-sponsored hackers have been linked to the deployment of DarkSword, targeting users in several countries including Ukraine, Saudi Arabia, Malaysia, and Turkey. These threat actors were also found to be utilizing another iOS exploit kit named Coruna, underscoring the evolving landscape of mobile security threats.
Source: The Verge