Tech experts have discovered a major privacy hole in Apple iPhone and iPads that lets hackers easily steal people’s data.
The tool, called DarkSword, can infect websites and pry open devices to steal a user’s text messages, emails, and location history in seconds.
Prime targets include the estimated 270 million devices that run a certain iOS, Apple’s operating system.
Researchers observed DarkSword attacks targeting iPhone users in Ukraine, China, Saudi Arabia, Turkey and Malaysia.
The easily reusable exploit was discovered by Lookout, a mobile security company, and verified by Google and mobile threat hunters iVerify.
Just how bad is DarkSword, though? Metro spoke with cybersecurity experts to find out.
What is DarkSword?
DarkSword is something experts like Rafe Pilling call an exploit chain, when crooks use software holes to get inside a device.
‘Think of it like someone buying a military‑grade lock‑picking robot and using it to silently let themselves into your phone without you ever seeing a notification,’ explains Pilling, the director of threat intelligence at Sophos X-Ops Counter Threat Unit.
‘These tools are designed to secretly break into someone’s mobile phone so the attackers can spy on messages, calls, photos, location and more.’
DarkSword uses sophisticated software to exploit six security gaps in the default web browser Safari and the graphics feature WebGPU, she adds.
They do this by infecting websites with fileless bugs. Once a user loads the site, the bugs hijack the iOS device’s legitimate processes.
Aras Nazarovas, senior information security researcher at Cybernews, tells Metro: ‘You go to a fake or hacked website on your iPhone’s Safari browser (like a news page or login screen) and it secretly uses bugs in older iOS versions to grab your data fast, all without you clicking anything or noticing.’
What data can be stolen?
A lot. Lookout says it can include:
- Passwords
- Photos
- iMessage, WhatsApp and Telegram logs
- Browser history
- Calendar, Notes and Health app data.
Who has used this exploit?
Who created DarkSword remains a mystery, but researchers have seen several people use it.
Miller says that DarkSword involves the use of costly mobile malware, or malicious software, typically used by governments for espionage.
Rather than spies, however, researchers saw secretive hacker groups like UNC6353, using it to compromise Ukrainian websites from December.
This includes a website with a gov.ua address, according to iVerify.
The group even left the full, unobscured DarkSword code – complete with explanatory comments in English – so anyone can use it.
Hackers targeted Saudi Arabian iPhone users through a phoney version of the social media app Snapchat.
In the latter two, Google found customers of the Turkish security and surveillance firm PARS Defense using the tool.
Nazarovas says: ‘They’re deploying it for espionage to spy on journalists, activists, and officials, and also for financial theft like grabbing crypto wallets and credentials.’
Who is impacted? What should people do?
DarkSword targets iPhones that are running older versions of iOS, specifically iOS 18.4 through iOS 18.7.
StatCounter, which tracks operating system adoption, said last month that close to a quarter of iPhone users still use the outdated system.
Apple confirmed to Metro that the gaps that let hackers pry open devices have been patched out by updates.
Users running the latest versions of iOS 15 through iOS 26 are already protected, the tech giant added.
Apple also highlighted a support page published yesterday to Metro that explains to users how to shield their phones from web attacks.
Nzaraovas says that average Apple users just need to update their phones.
‘High-risk users, like journalists, activists, diplomats, or execs in targeted regions should enable Lockdown Mode immediately (it blocks many web exploits like DarkSword), use a dedicated “clean” secondary iPhone for sensitive work with no personal apps and update to iOS 26.3.1+ while coordinating with security experts to check their devices for signs of this specific threat,’ he adds.
Miller also cautioned against downloading apps from random links or unknown websites and instead sticking to the Apple App Store.
Get in touch with our news team by emailing us at webnews@metro.co.uk.
For more stories like this, check our news page.
MORE: These Apple deals in the Amazon Spring Sale won’t last long – here’s what to buy now
MORE: Chilling Snapchat ads offering children £380 to nick phones with ‘£100 bonus scheme’
MORE: NHS urges Brits to switch on app feature now after 16,000,000 patients miss out on care
