Update Your iPhone to Protect Yourself From DarkSword Malware

If you have an iPhone, please note: there’s a new security threat that hackers have been actively exploiting since at least November. While you’re unlikely to be targeted by such an attack, your iPhone is still vulnerable unless you take the following (albeit simple) step: update your iPhone.
What is DarkSword?
The Google Threat Intelligence Group (GTIG), in collaboration with security firms Lookout and iVerify, has identified a new “full-chain exploit.” Dubbed “DarkSword,” the exploit leverages six zero-day vulnerabilities to compromise iPhones. According to GTIG, as of November, DarkSword has been observed being used in malware distribution campaigns by “numerous commercial video surveillance vendors and suspected nation-state actors.” So far, attacks have targeted Saudi Arabia, Turkey, Malaysia, and Ukraine.
According to GTIG, DarkSword can attack iPhones running iOS 18.4–18.7 (although iVerify and Lookout claim the vulnerability they tested only affects iOS 18.6.2). The chain uses three malware families (GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER) and is similar to a previously discovered malware set called Coruna. Incidentally, Apple recently released patches for Coruna vulnerabilities on older iPhone models.
DarkSword is designed to quickly and undetectably harvest credentials and personal information from your device, including passwords, keys, documents, emails, cryptocurrency wallets, usernames, photos, and other data. This takes seconds or minutes. The attack works like this: you browse to a website in Safari that has a malicious iframe embedded. Once Safari detects it, DarkSword is able to bypass the WebContent sandbox, which typically prevents unauthorized services from running in areas of iOS where they shouldn’t be. From there, it quickly gains permission to access privileged processes and sensitive parts of iOS.
This is concerning because the malware only needs the user to navigate to a malicious website. You don’t need to be tricked into downloading a malicious file; simply clicking a bad link is enough for it to work. This is how GTIG initially discovered DarkSword: hackers targeted users in Saudi Arabia using a fake Snapchat website called “Snapshare,” which redirected the user to the legitimate Snapchat site while stealthily stealing their information in the background. In another example, a group suspected of collaborating with the Russian government targeted users in Ukraine using malicious versions of official Ukrainian government and news websites.
How to Protect Yourself From DarkSword
Fortunately, GTIG reported DarkSword to Apple in late 2025, and Apple has since fully patched the associated vulnerabilities. However, the company didn’t release all the fixes at once; instead, Apple shipped individual fixes across various updates, with the final ones arriving in iOS 26.3 and iOS 18.7.3. Therefore, to protect against this malware, you need to be running at least these versions of iOS 26 or iOS 18.
Updating your iPhone is easy, and it’s made easier by Apple not requiring an update to the latest version (like iOS 26) to install the patch. However, there are many iPhones in the world, and convincing everyone to update to the right version is no easy task. According to Apple, 66% of iPhones worldwide are running iOS 26, and 24% are running iOS 18. While we can’t know for sure which of these iPhones are running iOS 26.3 or iOS 18.7.3 or later, it’s safe to say that many are running outdated versions of each. Millions of iPhones could be at risk.
In my opinion, this risk is quite low: based on current reports, these attacks target users in limited regions and are operated by sophisticated networks, including those funded by governments. Unless you have reason to be targeted by a government agency, especially one that targets users in Saudi Arabia, Turkey, Malaysia, and Ukraine, you’re unlikely to fall victim to DarkSword.
Still, why take any risk, even a small one? If DarkSword continues to spread, its effects may accelerate. If the solution is as simple as updating your iPhone, what’s the harm?
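If you look after more than one iPhone (a family or a small office), the two version thresholds above can be checked against a device list. The following is an added example, not code from Apple, GTIG, or the original article; the CSV layout, device names, and status labels are constructed for illustration.

```python
import csv
import io

# Final fixed release per iOS branch, as given in the article.
PATCHED_MINIMUM = {18: (18, 7, 3), 26: (26, 3, 0)}

# Constructed sample inventory (not real devices).
INVENTORY_CSV = """device,os_version
phone-a,18.6.2
phone-b,18.7.3
phone-c,26.2
phone-d,26.3.1
phone-e,17.7
phone-f,18.7
"""

def parse_version(text):
    """Turn '18.7' into (18, 7, 0) so versions compare numerically."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(version_text):
    """Return a hypothetical status label for one reported iOS version."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    minimum = PATCHED_MINIMUM.get(version[0])
    if minimum is None:
        # Assumption: branches newer than iOS 26 already carry the fixes.
        # The article lists no fixed release for any other branch.
        return "patched" if version[0] > max(PATCHED_MINIMUM) else "no-fix-listed"
    return "patched" if version >= minimum else "needs-update"

def audit(csv_text):
    """Map each device in the inventory to its status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {row["device"]: classify(row["os_version"]) for row in rows}

if __name__ == "__main__":
    for device, status in audit(INVENTORY_CSV).items():
        print(f"{device}: {status}")
```

Devices reported as "no-fix-listed" are on a branch for which the article names no patched release, so they need a separate check against Apple's own security notes.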