Google and cybersecurity companies Lookout and iVerify have detailed a new hacking technique that potentially puts a significant portion of iPhone users in danger, just by visiting the wrong web page. The hack is called “DarkSword” and since it specifically targets several different versions of iOS 18, it could affect “close to a quarter of iPhones,” Wired writes.
DarkSword is a “fileless” hack that leverages a collection of exploits to access sensitive data when an iPhone visits an infected website. Rather than install spyware that hangs around on a user’s phone after messages and other private information are stolen, fileless hacks like DarkSword take control of “the legitimate processes in an iPhone’s operating system to steal data,” according to Wired. Even more troubling, DarkSword deletes any evidence it was running on an iPhone after it finishes stealing your information.
The hack starts as soon as an iOS device encounters an “malicious iframe embedded in a web page,” after which it works its way through your iPhone, gathering sensitive information like passwords before deleting itself. DarkSword can abscond with things like messages and iCloud content, but it’s also specifically designed to access crypto currency wallets, Lookout says, which could indicate who was using DarkSword before it became widely available.
DarkSword has reportedly been used in Ukraine, Saudi Arabia, Malaysia, Turkey and Russia, and its origins could be tied to a different hacking toolkit called Coruna that TechCrunch reports may have been created for the US government by a company called Trenchant. Regardless of where DarkSword came from, the tool didn’t become widely available until its Russian users left DarkSword’s source code on a website for anyone to access, “complete with explanatory comments in English that describe each component and include the ‘DarkSword’ name for the tool,” Wired writes.
Apple patched the exploits that DarkSword and Coruna used in recent updates to iOS 26, the yearly software release from 2025 that followed iOS 18. DarkSword targets iOS 18 releases between iOS 18.4 and iOS 18.6.2, and according to Apple’s latest iOS usage stats for developers, around 24 percent of iOS devices are still on some version of iOS 18.
However, Apple simultaneously released iOS 26 and iOS 18.7 on September 15, 2025. So even if people didn’t want to upgrade to iOS 28, a secure patch has been available for six months. Despite the fact that Apple’s stats indicate that about 24 percent of iPhone users are still on iOS 18, the actual number of potentially vulnerable phones is much lower. Still, it’s a good reminder to stay on top of software updates if only for the security features if nothing else.
Update, March 19, 2026, 10:10AM ET: This story has been updated to note that while this vulnerability targets iOS 18, Apple released iOS 18 updates over the last six months that are secure against this attack.
