'Think of it like someone buying a military‑grade lock‑picking robot.'
‘DarkSword’ works within seconds (Picture: Getty Images/iStockphoto)
Tech experts have discovered a major privacy hole in Apple iPhones and iPads that lets hackers easily steal people’s data.
The tool,called DarkSword,can infect websites and pry open devices to steal a user’s text messages,emails,and location history in seconds.
Prime targets include the estimated 270 million devices that run a certain iOS,Apple’s operating system.
Researchers observed DarkSword attacks targeting iPhone users in Ukraine,China,Saudi Arabia,Turkey and Malaysia.
The easily reusable exploit was discovered by Lookout,a mobile security company,and verified by Google and mobile threat hunters iVerify.
Just how bad is DarkSword,though? Metro spoke with cybersecurity experts to find out.
DarkSword is something experts like Rafe Pilling call an exploit chain,when crooks use software holes to get inside a device.
‘Think of it like someone buying a military‑grade lock‑picking robot and using it to silently let themselves into your phone without you ever seeing a notification,’ explains Pilling,the director of threat intelligence at Sophos X-Ops Counter Threat Unit.
‘These tools are designed to secretly break into someone’s mobile phone so the attackers can spy on messages,calls,photos,location and more.’
DarkSword uses sophisticated software to exploit six security gaps in the default web browser Safari and the graphics feature WebGPU,she adds.
They do this by infecting websites with fileless bugs. Once a user loads the site,the bugs hijack the iOS device’s legitimate processes.
One website that acted as a trap was a phoney version of Snapchat called ‘Snapshare’ (Picture: Google)
Aras Nazarovas,senior information security researcher at Cybernews,tells Metro: ‘You go to a fake or hacked website on your iPhone’s Safari browser (like a news page or login screen) and it secretly uses bugs in older iOS versions to grab your data fast,all without you clicking anything or noticing.’
A lot. Lookout says it can include:
Passwords
Photos
iMessage,WhatsApp and Telegram logs
Browser history
Calendar,Notes and Health app data.
Who created DarkSword remains a mystery,but researchers have seen several people use it.
Miller says that DarkSword involves the use of costly mobile malware,or malicious software,typically used by governments for espionage.
Rather than spies,however,researchers saw secretive hacker groups like UNC6353,using it to compromise Ukrainian websites from December.
This includes a website with a gov.ua address,according to iVerify.
The group even left the full,unobscured DarkSword code – complete with explanatory comments in English – so anyone can use it.
DarkSword attacks have targeted iPhone users worldwide (Picture: Shutterstock/Mr.Digital)
Hackers targeted Saudi Arabian iPhone users through a phoney version of the social media app Snapchat.
In the latter two,Google found customers of the Turkish security and surveillance firm PARS Defense using the tool.
Nazarovas says: ‘They’re deploying it for espionage to spy on journalists,activists,and officials,and also for financial theft like grabbing crypto wallets and credentials.’
Why DarkSword hits so hard is simple,says Marijus Briedis,the chief technology officer at NordVPN.
‘There is still a common belief that certain devices,particularly iPhones and Apple products,are largely immune to these kinds of threats,’ Briedis says.
‘In reality,no platform is completely protected when new vulnerabilities are discovered and actively exploited.’
DarkSword targets devices that are running older versions of iOS,specifically iOS 18.4 through iOS 18.7.
StatCounter,which tracks operating system adoption,said last month that close to a quarter of iPhone users still use the outdated system.
All iPhone users are being asked to update (Picture: Shutterstock/Tada Images)
Apple confirmed to Metro that the flaws have been patched out by updates.
It also highlighted a support page published yesterday to Metro that explains to users how to shield their phones from web attacks.
Miller also cautioned against downloading apps from random links or unknown websites and instead sticking to the Apple App Store.
Nzaraovas says that ‘high-risk’ users,like journalists,campaigners or diplomats,should take a few extra steps.
This includes switching on Lockdown Mode,use a ‘clean’ secondary phone with no personal apps and updating to iOS 26.3.1+.
Get in touch with our news team by emailing us at .
