If you are using an iPhone, you need to read this. Apple has issued a security advisory urging iPhone users to update their devices right away with the latest security patch after cybersecurity researchers from Google Threat Intelligence Group (GTIG), alongside firms iVerify and Lookout, revealed a sophisticated spyware campaign. The exploit chain, dubbed DarkSword, can silently compromise a vulnerable iPhone when its user simply visits an infected website.
The discovery shows DarkSword leveraging multiple zero-day vulnerabilities to gain full device access on vulnerable iPhones. The spyware has been observed to be in use since at least November 2025 by suspected Russian state-sponsored actors and commercial surveillance vendors, targeting users in countries including Ukraine, Saudi Arabia, Turkey, and Malaysia. The attacks often involved compromised websites, such as Ukrainian news outlets or government pages, serving as watering holes to deliver the exploit.
DarkSword spyware on iPhones: Which models are vulnerable?
DarkSword targets iPhones running iOS versions 18.4 through 18.7 (released between March and August 2025). Once a device is successfully infected, DarkSword deploys payloads that enable blanket data exfiltration, pulling sensitive information such as Wi-Fi passwords, text messages, call history, location data, browser history, SIM and cellular details, health records, notes, calendar entries, and even cryptocurrency wallet data, indicating both espionage and financial motives.
Google attributes recent campaigns to a cluster tracked as UNC6353, a suspected Russian espionage group previously linked to similar tools like the Coruna exploit kit. DarkSword's spread mirrors how advanced zero-day chains can leak or be repurposed across threat actors, including commercial spyware vendors like UNC6748 (associated with Turkish firm PARS Defense).
Apple releases security patches
Apple has already addressed the vulnerabilities exploited by DarkSword. All known issues were fixed in iOS 26.3 (released earlier in 2026), with most of the issues patched in prior updates.
For older iPhones unable to run the latest iOS 26 version, Apple released a special security update for those still stuck on iOS 18.
Additionally, the company introduced its first-ever Background Security Improvements (BSIs) update this week, delivering critical security patches outside full OS cycles. One BSI fix resolved a high-severity WebKit flaw that allowed a cross-origin bypass; Apple addressed it with improved input validation.
Apple also noted that enabling Lockdown Mode provides extra protection against such threats. Google also added compromised domains to its Safe Browsing blocklist and urged immediate updates.
What iPhone users need to do
iPhone users are advised to check for and install the latest iOS updates without delay, enable automatic updates, and consider Lockdown Mode if they believe they are at elevated risk (e.g., journalists, activists, or those in targeted regions). No evidence has suggested widespread infection among average users yet.
