The DarkSword attack on iOS 18 puts millions of iPhones at risk and exposes personal information

Cyber threats for iPhones with outdated iOS versions 18.4‑18.6.2

What is happening
Research by the Google Threat Intelligence Group in collaboration with Lookout and iVerify published findings on the malicious tool “DarkSword.” Attack
When a user visits a malicious webpage, the hacker exploits six different vulnerabilities. This allows access to Safari, and then to:
• text messages and contacts;
• stored credentials (passwords, keys);
• iCloud files and photos;
• cryptocurrency wallet data;
• call logs and location history;
and much more.

Risk volume
Around 270 000 000 devices with vulnerable iOS 18 versions could become victims.

How companies are responding
* Google – notified Apple of the issue at the end of 2025.

* Apple – last year fixed “core” vulnerabilities, and last week released an emergency update for devices that cannot install the latest iOS version.

Key facts about DarkSword
Characteristic Details Speed Attack works instantly; the attacker can steal data before traditional defensive mechanisms activate. Connection to other exploits Cybercriminals also use “Coruna” (discovered earlier this month). Code DarkSword was published without obfuscation, making it easily accessible to any attacker. Protection Does not work when Lockdown Mode is enabled. Apple and Google blocked Safari and Chrome from resources needed to launch the attack. Recommendation Apple Update software to the latest version – this is the primary way to protect against DarkSword and similar threats.

Conclusion
If your iPhone runs iOS 18.4‑18.6.2, update immediately to the current version. This will help prevent attackers from accessing your personal data via the DarkSword scheme.