Recent reports have emerged detailing a new hacking technique called "DarkSword" that affects a significant number of iPhone users running iOS 18. This vulnerability can be exploited merely by visiting an infected web page, posing a serious risk to sensitive user data.

DarkSword specifically targets iOS 18 versions ranging from 18.4 to 18.6.2. In response to the threat, Apple has confirmed that vulnerabilities allowing such exploits have been patched in earlier iOS versions, specifically from 15 through 26. The company also issued emergency updates for devices that are unable to run the latest iOS versions, specifically for those still using iOS 15 and 16. Users operating on older systems, such as iOS 13 and 14, are advised to update to at least iOS 15 to ensure their protection.

Apple has taken steps to inform users of how to safeguard themselves against DarkSword. Despite the fact that not all users have upgraded to iOS 26, Apple has made available the necessary updates to protect against this threat. Additionally, URLs associated with this hack have been blocked by Apple's Safe Browsing features in Safari, providing further protection to users.

DarkSword is characterized as a "fileless" hack, meaning it exploits existing processes within the iPhone's operating system rather than installing persistent spyware. This technique allows the hack to steal sensitive information, such as passwords and messages, before erasing any trace of its activity. The hack is initiated when an iOS device comes across a "malicious iframe" embedded in a web page, leading it to gather private data, including messages and iCloud content. Notably, DarkSword is designed to target cryptocurrency wallets, raising concerns about the hack's potential impact on users' financial security.

The origins of DarkSword appear to be linked to a hacking toolkit named Coruna, which may have been developed for use by governmental organizations. Reports suggest that DarkSword was utilized in various countries, including Ukraine, Saudi Arabia, Malaysia, Turkey, and Russia. Its accessibility increased when Russian users left its source code online, complete with English comments explaining the components of the tool.

In recent updates, Apple has patched the vulnerabilities exploited by both DarkSword and Coruna, particularly in iOS 26, the latest software version released in September 2025. Despite the release of iOS 26, many users—an estimated 24 percent according to Apple's latest usage statistics—are still operating on iOS 18, which remains vulnerable to this hacking technique.

Although Apple released both iOS 26 and iOS 18.7 on September 15, 2025, users who are hesitant to upgrade to the latest iOS version can still benefit from patches designed to mitigate vulnerabilities linked to DarkSword. It's crucial for users to stay vigilant about software updates, not just for new features, but primarily for enhanced security measures.

Update, March 19, 2026, 11:19 AM ET: This article has been updated to include additional information from Apple regarding the proactive patches applied to various iOS versions to counter this vulnerability.

Update, March 19, 2026, 10:10 AM ET: This article has been revised to emphasize that while DarkSword targets iOS 18, Apple has released secure updates over the past six months to protect against this attack.

Source: Engadget News