New iPhone Hack Threatens Hundreds of Millions of Devices

Summary

– A sophisticated iPhone hacking tool called DarkSword has been found on infected websites, capable of silently compromising thousands of devices that visit them.
– The exploit works against older iOS versions, specifically iOS 18, leaving hundreds of millions of users who haven’t updated their devices vulnerable.
– DarkSword has been used by Russian state-sponsored spies and other hacking groups, deployed via compromised legitimate websites, including Ukrainian news and government sites.
– The full, well-documented DarkSword code was left exposed online, making it easily reusable and inviting further adoption by other cybercriminals.
– Apple has released security updates to protect against these threats, emphasizing that keeping software updated is the most critical step for user security.

A significant new hacking method has emerged online, posing a widespread threat to iPhone users globally. This technique, which security experts have named DarkSword, can silently and instantly compromise devices simply by visiting a malicious website. Unlike previous highly targeted attacks, this tool has been deployed indiscriminately, potentially putting hundreds of millions of people at risk. The exploit specifically targets devices running older versions of Apple’s operating system, including iOS 18, which still powers nearly a quarter of all iPhones according to recent data.

Security researchers from Google, iVerify, and Lookout uncovered DarkSword being actively used on compromised websites. “A vast number of iOS users could have all of their personal data stolen simply for visiting a popular website,” warns Rocky Cole, iVerify’s cofounder and CEO. He emphasizes that individuals using older Apple devices or outdated software remain particularly vulnerable to this attack.

This discovery follows closely on the heels of another sophisticated hacking toolkit called Coruna, which was linked to a Russian state-sponsored espionage group. While developed separately, DarkSword was used by the same Russian operatives. They embedded the code into legitimate Ukrainian websites, including news portals and a government agency site, to harvest data from unsuspecting visitors. Beyond this espionage campaign, evidence shows DarkSword was also used against targets in Saudi Arabia, Turkey, and Malaysia. In some instances, the tool appears to have been employed by clients of the Turkish security firm PARS Defense. Google analysts believe this pattern indicates the hacking method has already spread to multiple criminal groups and is likely to be adopted by more.

A critical factor amplifying the threat is the sheer carelessness of the hackers. Researchers found the complete, unobscured DarkSword code left openly accessible on the infected websites. The code even includes English-language comments explaining each component, making it exceptionally easy for other malicious actors to copy and reuse. Matthias Frielingsdorf, a researcher and cofounder at iVerify, notes the alarming simplicity, stating, “Anyone who manually grabbed all the different parts of the exploit could put them onto their own web server and start infecting phones. It’s all nicely documented, also. It’s really too easy.”

In response to these threats, Apple has released security updates designed to protect users from both Coruna and DarkSword. This includes emergency patches for older devices incapable of running the latest iOS version. The company stresses that keeping software up to date remains the single most important step users can take to secure their devices. Additionally, enabling the strictest security setting on iPhones, known as Lockdown Mode, provides protection against these types of exploits. An Apple spokesperson reiterated the company’s ongoing commitment, stating that its global security teams work tirelessly to safeguard user devices and data.

(Source: Wired)
