DarkSword iPhone Hack Steals Messages, Passwords in Seconds, Experts Warn

Major iPhone Security Flaw Exposed: DarkSword Hack Steals Data in Seconds

Tech security experts have uncovered a critical privacy vulnerability affecting Apple iPhones and iPads, enabling hackers to swiftly steal personal data through a tool called DarkSword. This exploit chain can infect websites and compromise devices to extract text messages, emails, location history, and passwords within moments.

What Is the DarkSword Exploit?

DarkSword is described by cybersecurity professionals as an exploit chain, where attackers leverage software weaknesses to infiltrate devices. Rafe Pilling, director of threat intelligence at Sophos X-Ops Counter Threat Unit, explains, "Think of it like someone buying a military-grade lock-picking robot and using it to silently enter your phone without triggering any notifications. These tools are engineered to covertly breach mobile phones, allowing surveillance of messages, calls, photos, and location data."

The tool exploits six security gaps in Safari, the default web browser, and the WebGPU graphics feature. Attackers plant fileless exploit code on websites; when a page loads, the code hijacks legitimate iOS processes. Aras Nazarovas, senior information security researcher at Cybernews, notes, "Users visiting a fake or compromised website on Safari—such as a news page or login screen—can have their data rapidly stolen via bugs in older iOS versions, all without any clicks or user awareness."

Scope of the Threat and Targeted Data

DarkSword poses a significant risk, with prime targets including an estimated 270 million devices running specific iOS versions. According to mobile security company Lookout, which discovered and verified the exploit with Google and iVerify, the hack can steal:

  • Passwords and photos
  • iMessage, WhatsApp, and Telegram logs
  • Browser history and calendar entries
  • Data from Notes and Health apps

Researchers have observed attacks targeting iPhone users in Ukraine, China, Saudi Arabia, Turkey, and Malaysia. The exploit's origins remain unknown, but it has been used by hacker groups like UNC6353, which compromised Ukrainian websites, including a gov.ua address, since December. In Saudi Arabia, hackers deployed it through a fake Snapchat app, while in other cases, customers of Turkish firm PARS Defense utilized the tool.

Nazarovas adds, "DarkSword is deployed for espionage against journalists, activists, and officials, as well as for financial theft, such as accessing crypto wallets and credentials."

Who Is Impacted and How to Protect Yourself

The exploit targets iPhones running older iOS versions, specifically iOS 18.4 through iOS 18.7. StatCounter reports that nearly a quarter of iPhone users still operate on outdated systems. Apple has confirmed that security gaps enabling these attacks have been patched in updates, with users on the latest iOS 15 through iOS 26 versions already protected.

To safeguard devices, average users should update their iPhones immediately. High-risk individuals, such as journalists, activists, diplomats, or executives in targeted regions, are advised to:

  1. Enable Lockdown Mode to block web exploits like DarkSword
  2. Use a dedicated secondary iPhone for sensitive work, free of personal apps
  3. Update to iOS 26.3.1 or later and consult security experts for threat checks

Experts also caution against downloading apps from unknown links or websites, recommending strict use of the Apple App Store. Apple has published a support page detailing how users can shield their phones from web-based attacks, emphasizing the importance of regular updates and vigilance in digital practices.
