Skip to main content
News Directory 3
  • Business
  • Entertainment
  • Health
  • News
  • Sports
  • Tech
  • World
Menu
  • Business
  • Entertainment
  • Health
  • News
  • Sports
  • Tech
  • World
DarkSword Hack: iOS Exploit Targets iPhones – Update & Protect Now - News Directory 3

DarkSword Hack: iOS Exploit Targets iPhones – Update & Protect Now

March 19, 2026 Lisa Park Tech
News Context
At a glance
  • A newly detailed hacking technique dubbed “DarkSword” poses a significant threat to iPhone users, potentially compromising devices simply by visiting a malicious webpage.
  • While Apple has already addressed the underlying vulnerabilities in iOS 26, released in 2025, and in subsequent updates to iOS 18, a substantial number of users remain vulnerable.
  • DarkSword distinguishes itself as a “fileless” hack, meaning it doesn’t install persistent spyware on the device.
Original source: engadget.com

New ‘DarkSword’ Exploit Impacts Millions of iPhones, Despite Apple Patches

A newly detailed hacking technique dubbed “DarkSword” poses a significant threat to iPhone users, potentially compromising devices simply by visiting a malicious webpage. The exploit, which targets iOS versions 18.4 through 18.7, leverages a chain of vulnerabilities to install malware and steal sensitive data, according to researchers at Google, Lookout, and iVerify.

While Apple has already addressed the underlying vulnerabilities in iOS 26, released in 2025, and in subsequent updates to iOS 18, a substantial number of users remain vulnerable. According to Apple’s latest iOS usage statistics, approximately 24 percent of iPhones are still running some version of iOS 18 as of March 2026. This means hundreds of millions of devices could be at risk.

DarkSword distinguishes itself as a “fileless” hack, meaning it doesn’t install persistent spyware on the device. Instead, it exploits legitimate processes within the iOS operating system to gain access to data, then deletes itself after exfiltrating the targeted information. This makes detection significantly more difficult. The speed of the attack is also notable; Lookout reports that DarkSword can collect and transmit data within seconds or minutes of compromising a device.

Origins and Recent Activity

The origins of DarkSword are intertwined with another iOS exploit kit called Coruna, which reportedly may have been developed by a US military contractor before falling into the hands of cybercriminal groups. While Coruna targets older iOS versions (13 to 17.2.1), DarkSword represents a more recent and sophisticated threat.

Recent activity indicates that DarkSword is being actively deployed by multiple actors, including commercial surveillance vendors and suspected state-sponsored groups. Google Threat Intelligence Group (GTIG) has observed campaigns targeting individuals in Saudi Arabia, Turkey, Malaysia, and Ukraine since at least November 2025. Notably, UNC6353, a suspected Russian espionage group previously associated with Coruna, has incorporated DarkSword into its “watering hole” campaigns, specifically targeting Ukrainian users.

In one instance, UNC6353 compromised two Ukrainian web domains, including a government domain, to deliver the exploit via malicious JavaScript. The group appears to be particularly interested in stealing cryptocurrency wallet details, suggesting a potential financial motive or targeting of individuals with significant digital assets.

How DarkSword Works and What to Do

The attack vector for DarkSword typically involves a malicious iframe embedded within a webpage. When a vulnerable iPhone visits the infected site through the Safari browser, the exploit chain is triggered. The hack then proceeds to gather sensitive information, including messages, iCloud content, and potentially cryptocurrency wallet data.

Apple has taken steps to mitigate the threat, publishing details on how users can protect themselves and blocking malicious URLs associated with DarkSword through its Safe Browsing features in Safari. The company urges users to update their devices to the latest version of iOS. While iOS 26 offers the most comprehensive protection, updates released throughout the iOS 18 lifecycle also contain critical security patches.

The proliferation of DarkSword, and its adoption by diverse threat actors, mirrors the earlier spread of the Coruna exploit kit. This trend highlights the growing market for zero-day vulnerabilities and the increasing sophistication of mobile hacking techniques. IPhone users should prioritize keeping their devices updated and exercise caution when browsing unfamiliar websites to minimize their risk of falling victim to this and similar attacks.

Share this:

  • Share on Facebook (Opens in new window) Facebook
  • Share on X (Opens in new window) X

Related

Apple, DarkSword, iOS versions, iPhone

Search:

News Directory 3

News Directory 3 catalogs US newspapers, news services, newsstands and digital news outlets across all 50 states. Browse local publishers by city, state, or topic, and follow current headlines linked back to their original sources.

Quick Links

  • Disclaimer
  • Terms and Conditions
  • About Us
  • Advertising Policy
  • Contact Us
  • Cookie Policy
  • Editorial Guidelines
  • Privacy Policy

Browse by State

  • Alabama
  • Alaska
  • Arizona
  • Arkansas
  • California
  • Colorado

© 2026 News Directory 3. All rights reserved.
For contact, advertising, copyright, issues email: office@newsdirectory3.com