iOS Vulnerabilities - DarkSword Exploit Targets Unpatched iPhones
Basically, there's a dangerous flaw in iPhones that lets hackers steal your data when you simply visit a bad website.
A new exploit called DarkSword targets unpatched iPhones, allowing attackers to steal sensitive data. Users in several countries are at risk. Immediate updates are crucial to protect against this threat.
The Flaw
Researchers at Google have discovered a serious exploit chain named DarkSword that targets unpatched iPhones. This exploit combines six vulnerabilities in iOS and Safari, affecting devices running iOS versions 18.4 through 18.7. The alarming part? Just visiting a compromised website can lead to a malware infection, known as a drive-by attack. This means users might not even realize they are at risk until it’s too late.
DarkSword has been utilized by various threat actors, including state-backed groups and commercial spyware vendors. Campaigns have been observed in countries such as Saudi Arabia, Turkey, Malaysia, and Ukraine. In these attacks, malicious websites have been set up to lure victims, often masquerading as legitimate services. For example, attackers in Saudi Arabia created a fake Snapchat app to deceive users into downloading malware.
What's at Risk
Once a device is compromised, the malware can execute various malicious tasks. The most notable payload delivered through DarkSword is Ghostblade, a data-stealing malware. Ghostblade can extract a wide array of sensitive information, including:
- SMS and iMessage messages
- Call history and contacts
- Wi-Fi credentials and browsing history
- Health data and photos
- Cryptocurrency application data
This malware is particularly dangerous because it targets both personal and financial information. It actively seeks out apps related to major cryptocurrency exchanges and wallets, making it a potential threat for users involved in digital currencies. Furthermore, Ghostblade is designed for quick data extraction and deletes its traces after the theft, which makes detection difficult for victims.
Patch Status
The good news is that Apple has acknowledged these vulnerabilities. Recent updates include patches for CVE-2026-20700 and related issues. Users are strongly urged to update their devices to the latest iOS version as soon as possible. This is critical for anyone running versions 18.4 to 18.7, as they are the most vulnerable to the DarkSword exploit.
For individuals who might be at higher risk, such as journalists and activists, enabling Lockdown Mode can provide an additional layer of security. This feature restricts certain functionalities on the device, making it harder for attackers to exploit vulnerabilities.
Immediate Actions
To protect yourself from the DarkSword exploit, follow these steps:
- Update your iOS to the latest version available.
- Enable Lockdown Mode if you are a potential target for attacks.
- Use real-time anti-malware protection to block malicious websites.
- Avoid clicking on links from unsolicited messages, especially those related to sensitive services.
- Consider using hardware wallets for high-value cryptocurrency assets.
- Enable multi-factor authentication on your financial accounts to enhance security.
By taking these precautions, you can significantly reduce the risk of falling victim to the DarkSword exploit and protect your sensitive data from malicious actors.
Malwarebytes Labs