Summary

  • The DarkSword exploit targets iOS 18 (18.4 to 18.7) by leveraging multiple flaws to exfiltrate data when users open malicious links.
  • It can steal contacts, messages, credentials, iCloud files, photos, and location history.
  • Apple patched flaws and pushed emergency fixes; if you're on iOS 18, update to iOS 26 now.

If you've been waiting to update to iOS 26 because its Liquid Glass UI isn't great, it might be time to finally pull the trigger.

As first reported by Wired, security researchers at the Google Threat Intelligence Group, working alongside Lookout and iVerify, have uncovered a new hacking tool that targets iPhones running iOS 18 to iOS 18.6.2. "DarkSword" allows bad actors to extract personal information from iPhones running these versions of iOS when users visit malicious links. According to the report, the exploit has already been used by state-sponsored Russian hackers in various attacks.

Below is an excerpt from the detailed report:

DarkSword supports iOS versions 18.4 through 18.7 and utilizes six different vulnerabilities to deploy final-stage payloads. GTIG has identified three distinct malware families deployed following a successful DarkSword compromise: GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER.

While a lot of iPhone users have moved on to iOS 26, 270 million devices are still running iOS 18, leaving many smartphones vulnerable to the exploit. According to security researchers, DarkSword exploits "six different vulnerabilities" in Apple's mobile operating system and Safari, allowing hackers to steal contacts, messages, credentials, iCloud files, photos, location history, and more from devices.

It's probably a good time to update to iOS 26

It's unclear how many devices have been hit with DarkSword

Google states that it reported the issue to Apple in 2025. In a statement to The Verge, Apple said that it patched "underlying vulnerabilities" in iOS last year before pushing out an "emergency software update last week for older devices that were unable to update to more recent versions of iOS."

In the report, Google says that its researchers observed state-linked hackers using DarkSword in campaigns targeting Ukraine, Saudi Arabia, Turkey, and Malaysia. With regard to Saudi Arabia specifically, hackers targeted users via a Snapchat-themed website featuring malicious links. It's unclear how many iPhones have actually been affected by DarkSword. That said, if you're still running iOS 18, it's probably time to update your device.

Earlier this month, Google and iVerify revealed iPhone spyware known as Coruna, which is hosted on the same server as DarkSword. You can find the full report on DarkSword here.