Science & Teсh news

A new iPhone hacking tool puts anyone still on iOS 18 at risk

11 de julio de 2026Pablo Navarro2 min

Security researchers have uncovered a sophisticated new hacking technique, known as 'DarkSword,' which poses a significant threat to a large segment of iPhone users. This attack can compromise sensitive data merely by visiting a specific type of malicious webpage. Dubbed a "fileless" hack, DarkSword leverages a series of vulnerabilities within iOS 18 to gain unauthorized access. It is estimated that this could affect nearly a quarter of all active iPhones, specifically those running iOS 18 versions between 18.4 and 18.6.2.

Unlike traditional spyware that leaves a persistent presence, DarkSword operates by exploiting legitimate processes within the iPhone's operating system to extract information. Crucially, after it has finished stealing data such as messages, iCloud content, and passwords, DarkSword meticulously erases all evidence of its activity, making detection extremely difficult. The exploit is triggered as soon as an iOS device encounters a malicious iframe embedded in a web page, subsequently working its way through the system to gather private information.

A particularly concerning feature of DarkSword is its specific design to access cryptocurrency wallets. This functionality could offer clues regarding the original users or developers of the toolkit before it became more widely available. Reports indicate DarkSword has been employed in various regions, including Ukraine, Saudi Arabia, Malaysia, Turkey, and Russia. Its origins may be linked to a separate hacking toolkit named Coruna, which some sources suggest might have been developed for the US government by a company called Trenchant.

DarkSword's availability expanded significantly after its source code, complete with English explanatory comments detailing each component and naming the tool, was reportedly left exposed online by Russian users. While Apple has since patched the vulnerabilities exploited by DarkSword and Coruna in recent updates to iOS 26 (the software release from 2025 that followed iOS 18), a substantial number of users remain at risk. According to recent statistics, approximately 24% of iOS devices are still operating on iOS 18, leaving these devices vulnerable to DarkSword attacks.

Given the severity and stealth of this threat, it is strongly recommended that all iPhone users update their devices to the latest available software release as soon as possible. Keeping your iOS device current is the most effective way to protect against exploits like DarkSword and ensure the security of your personal data.