Urgent Warning Issued: Hundreds of Millions of iPhones Potentially at Risk from New ‘DarkSword’ Exploit
Cybersecurity experts have sounded the alarm over a sophisticated new exploit, dubbed ‘DarkSword,’ that could compromise the personal data of hundreds of millions of iPhone users worldwide. The Google Threat Intelligence Group, alongside researchers from cyber firm Lookout and mobile security specialist iVerify, have published coordinated analyses detailing how this exploit leverages a chain of six vulnerabilities within Apple’s iOS and Safari browser.
This malicious chain allows attackers to silently infiltrate targeted devices and install malware, all without requiring any user interaction beyond simply visiting a compromised or malicious website. This shocking discovery underscores the persistent threat posed by cybercriminals and the critical importance of maintaining up-to-date software on all devices.
How the ‘DarkSword’ Exploit Works
The DarkSword exploit is particularly insidious because it doesn’t rely on tricking users into downloading suspicious files or clicking malicious links directly. Instead, it capitalises on weaknesses in the underlying operating system and web browser. By visiting a compromised website, even one that appears legitimate, users can unwittingly trigger the exploit. This allows attackers to gain a foothold on the device and subsequently install various forms of malware.
The exploit chain reportedly involves six distinct flaws, meticulously chained together to bypass security measures. This multi-stage approach makes it more difficult to detect and mitigate compared to simpler exploits.
Who is Behind the Attacks and Where
Researchers have observed DarkSword being deployed in real-world attacks by a range of malicious actors. These include commercial spyware firms, who likely use the exploit for surveillance and data extraction, as well as state-backed entities. Activity associated with DarkSword has been identified in several countries, including:
- Saudi Arabia
- Turkey
- Malaysia
- Ukraine
The involvement of both commercial and state-sponsored groups highlights the versatility and high demand for such sophisticated hacking tools.
The Impact on Vulnerable Devices
The DarkSword exploit specifically targets iPhones running iOS versions 18.4 through 18.7. While these are relatively recent versions, the sheer number of iPhones in circulation means a significant portion of the user base could be at risk if they haven’t updated their devices.
Once a device is infected, the attackers can install different types of spyware tailored to their objectives. One such variant, known as ‘Ghostblade,’ is particularly concerning. This spyware is designed for mass data exfiltration, capable of stealing a vast array of personal information.
The Dangers of ‘Ghostblade’ Spyware
The ‘Ghostblade’ component of the DarkSword exploit is engineered to harvest an extensive range of sensitive data. This includes, but is not limited to:
- Text messages
- Call history
- Contact lists
- Photos and videos
- Emails
- Stored passwords
- Precise location data
- Browsing history
- Files stored in iCloud
Furthermore, ‘Ghostblade’ can access messages from popular encrypted messaging applications like WhatsApp and Telegram, effectively bypassing their security features. The spyware also actively scans for cryptocurrency apps and digital wallets, posing a direct threat to users’ financial assets and sensitive financial information.
A particularly alarming feature of ‘Ghostblade’ is its stealthy exit strategy. Unlike some spyware that lingers on a device for extended periods, this malware reportedly grabs the desired data and then self-deletes, making it significantly harder for users and security software to detect its presence after the fact.
Apple’s Response and User Recommendations
An Apple spokesperson acknowledged the exploits, stating that they targeted “out-of-date software.” The company emphasised that the underlying vulnerabilities have been addressed through multiple software updates released over the past several years for users running the latest versions of their operating systems.
“Keeping software up to date remains the single most important thing users can do to maintain the high security of their Apple devices,” the spokesperson stressed.
For users who believe they might be targets of such attacks, particularly journalists, activists, or individuals handling sensitive information, Apple recommends enabling Lockdown Mode. This advanced security feature can be activated by navigating to:
- Settings
- Privacy & Security
- Tap Lockdown Mode
- Follow the prompts to turn it on and restart your device.
The Scale of the Threat: Millions Still Vulnerable
While Apple has released fixes, the reality is that many users do not consistently install software updates. According to estimates from iVerify and Lookout, based on public data, an estimated 220 million to 270 million iPhones could still be running older, potentially exposed iOS versions. This substantial number highlights the ongoing challenge of ensuring widespread adoption of security patches and the persistent threat posed by unaddressed vulnerabilities. The DarkSword exploit serves as a stark reminder that vigilance and proactive security practices are paramount in safeguarding personal data in today’s digital landscape.
