Leaked iPhone Exploit DarkSword Spreads Online

A dangerous iPhone hacking tool known as DarkSword has leaked online, increasing the risk for people still using older versions of Apple’s mobile software. Security researchers say the leak could make it much easier for more attackers to copy the method and use it in real-world scams or spyware campaigns.

DarkSword is designed to target iPhones and iPads running vulnerable older software, particularly iOS 18.4 through 18.7. In earlier reports, researchers linked the tool to surveillance vendors and suspected state-backed actors. Now that the code has reportedly appeared online, the threat is no longer limited to a small number of advanced groups.

Fig 1. A timeline of DarkSword usage and related patches. (Source: Google Threat Intelligence)

Why this leak matters

What makes this development especially worrying is how little effort may be needed from the victim. Researchers say DarkSword can be delivered through a malicious website, with a vulnerable device infected simply by visiting the page in Safari. That lowers the barrier for attackers and raises the chances of broader abuse.

The attack has also been tied to several malware strains. Once a device is compromised, attackers may be able to steal sensitive data, harvest passwords, access messages or files, and possibly keep access through backdoors. In some cases, the malware has been linked to attempts to collect cryptocurrency wallet information and other valuable account data.

The risk goes beyond your phone

For everyday users, the danger does not stop at the handset itself. A compromised iPhone can expose email accounts, cloud storage, saved passwords, work apps, and other connected services. Because many people use the same device for both personal and professional tasks, one successful phone attack can quickly turn into a much wider security problem.

Researchers have also connected DarkSword to an earlier iPhone exploit kit called Coruna. That matters because it suggests powerful mobile hacking tools are spreading more widely, rather than remaining in the hands of a few specialist groups. In practical terms, that means more copycats, faster reuse of attack techniques, and more pressure on users to patch quickly.

What iPhone users should do now

The good news is that Apple has already released fixes. Users running current versions of iOS are considered protected, and Apple has also issued updates for some older supported devices. For devices that cannot move to the newest software, Apple recommends installing the latest available security updates as soon as possible.

Lockdown Mode may also help reduce the risk. Apple says the feature can block this type of spyware-focused attack, although it limits some device functions. For people at higher risk, such as journalists, activists, or business users handling sensitive information, enabling it could provide an extra layer of protection.

The most important step for consumers is simple: update your iPhone or iPad immediately. If your device is too old for the newest version, install the latest security update it can receive. Avoid suspicious links, be cautious with unfamiliar websites, and remember that older, unpatched devices are now the easiest targets as leaked exploit code spreads online.