Reusable 'DarkSword' iPhone exploit found in the wild, putting many iOS 18 devices at risk
Mar 18th 2026
Security teams disclosed a new iPhone exploit called DarkSword that has been deployed on infected websites to compromise iPhones running iOS 18, steal a wide range of personal data, and was left publicly accessible for reuse by other attackers.
- Researchers at Google, iVerify and Lookout found DarkSword embedded in compromised websites that silently hack visiting iPhones.
- DarkSword exploits most versions of iOS 18 but does not affect devices updated to the latest iOS 26 release.
- The tool uses fileless smash-and-grab tactics to steal passwords, messages, photos, browser history, health data and cryptocurrency credentials without leaving a persistent implant.
- Researchers say the full, documented DarkSword code was left accessible on infected sites, making it easy for other attackers to reuse.
- The campaign was linked to a Russian state-associated actor and likely originates from a brokered market for exploits, increasing the risk of broader criminal reuse.
Articles
- Russians caught stealing personal data from Ukrainians with new advanced iPhone hacking tools techcrunch.com
- Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild www.wired.com
- Researchers uncover iPhone spyware capable of penetrating millions of devices www.reuters.com
- PSA: Hackers can raid iOS 18 with an infected link www.theverge.com