Recent revelations have surfaced regarding a significant hacking threat named "DarkSword" that endangers a considerable number of iPhone users running iOS 18. This new hacking technique targets users specifically on iOS 18 versions ranging from 18.4 to 18.6.2, simply requiring them to visit an infected web page.

In response to the threat, an Apple representative confirmed that the company had addressed the vulnerabilities exploited by DarkSword in previous updates, specifically in iOS versions 15 through 26, released last year. Furthermore, Apple issued an emergency update for devices still operating on iOS 15 and 16 that are unable to upgrade to newer versions. Users of iOS 13 or iOS 14 must update to at least iOS 15 to ensure their devices are secure, as these operating systems were released back in 2019 and 2020.

To combat this emerging threat, Apple has also shared details on protective measures for users, echoing the information provided to the media. Even for those not on iOS 26, updates have been made available to shield users from this particular risk. Apple also reassured users that URLs identified in Google's security blog are blocked by the Safe Browsing feature in Safari, adding an additional layer of security.

DarkSword operates as a "fileless" hack, utilizing a range of exploits to access sensitive information as an iPhone navigates to a compromised website. Unlike traditional spyware, which remains on a device after compromising it, DarkSword commandeers legitimate processes within the iPhone's operating system to extract data. Alarmingly, the hack erases all traces of its operation after stealing the user's information.

The attack begins when a user's iOS device encounters a malicious iframe embedded in a web page, allowing DarkSword to infiltrate the system and collect sensitive data such as passwords, messages, and even iCloud content. Notably, it is specifically designed to access cryptocurrency wallets, which suggests that the tool may have been initially utilized by individuals before it was made broadly accessible.

Reports indicate that DarkSword has been employed in various regions, including Ukraine, Saudi Arabia, Malaysia, Turkey, and Russia. Its origins may be linked to another hacking toolkit known as Coruna, which was reportedly developed by a company named Trenchant for the U.S. government. However, DarkSword became widely available when its Russian users left its source code exposed on a public website, complete with English descriptions of its components.

Apple has actively patched the vulnerabilities exploited by both DarkSword and Coruna in its recent updates to iOS 26, the new software release from 2025. Presently, DarkSword specifically targets iOS 18 versions between 18.4 and 18.6.2. According to Apple’s latest statistics for developers, approximately 24 percent of iOS devices are still operating on some version of iOS 18.

Despite the simultaneous release of iOS 26 and iOS 18.7 on September 15, 2025, users still running iOS 18 have access to patches that address these vulnerabilities. Although a significant portion of users is still on iOS 18, the actual number of devices at risk may be lower due to these updates. Nevertheless, this situation serves as an important reminder for all users to prioritize software updates, not just for new features, but crucially for enhanced security measures.

Update, March 19, 2026, 11:19 AM ET: This article has been updated with information from Apple regarding the versions of iOS that have been proactively patched to mitigate this vulnerability.

Update, March 19, 2026, 10:10 AM ET: This article has been updated to clarify that while this vulnerability primarily targets iOS 18, Apple has released secure updates for iOS 18 over the past six months.

Source: Engadget News