If you have not updated your iPhone recently, you need to stop reading this and do it right now.
A powerful iPhone hacking tool called DarkSword was leaked publicly on GitHub on Monday.
Before the leak, DarkSword was a secret weapon used by government spies and professional hackers.
Now anyone in the world can download it, copy it, and use it against unprotected iPhones.
No hacking experience needed. No special skills required. The tool works out of the box.
“This is bad,” said Matthias Frielingsdorf, co-founder of mobile security firm iVerify. “They are way too easy to repurpose. I don’t think that can be contained anymore. So we need to expect criminals and others to start deploying this.”
iVerify estimates that around 221 million iPhones are currently vulnerable to DarkSword attacks.
What Is DarkSword?
DarkSword is an iPhone exploit kit. That means it is a ready-made package of hacking tools designed to break into iPhones without the victim doing anything wrong.
You do not need to click a suspicious link. You do not need to download a bad app. All you have to do is visit a website that has been set up by an attacker, or that has been quietly hijacked, and DarkSword can infect your phone in minutes.
The tool chains together six separate iPhone security flaws to take full control of the device. It breaks out of Apple’s security systems step by step until it has access to everything.
Once it is in, it can steal your messages, your passwords, your photos, your location history, your contact list, your Wi-Fi passwords, and the contents of your crypto wallets.
All of this happens silently, in the background, often within minutes. The victim never knows it happened.
Who Was Using It Before the Leak?
Until last week, DarkSword was a closely guarded espionage tool.
Google’s Threat Intelligence Group found it being used by a suspected Russian espionage group called UNC6353, targeting Ukrainians through compromised websites.
A Turkish commercial surveillance company called PARS Defense used it in campaigns against users in Turkey and Malaysia.
Other attacks were carried out against people in Saudi Arabia using a fake Snapchat website. Victims in those countries had their personal data stolen, including cryptocurrency wallet contents and exchange account credentials.
All of these were targeted attacks, carefully aimed at specific high-value individuals. That changed the moment DarkSword appeared on GitHub.
Why the GitHub Leak Changes Everything
Before the leak, building a tool like DarkSword required a team of expert researchers, millions of dollars, and years of work.
Now it is a free download. The code is written in plain HTML and JavaScript. Anyone can copy it, paste it onto a server, and have a working iPhone attack tool running within a few hours.
“There is no iOS expertise required,” Frielingsdorf told TechCrunch. “The exploits will work out of the box.”
A security researcher who goes by matteyeux confirmed this on Monday. He used the leaked DarkSword code to successfully hack an iPad Mini running iOS 18, just to demonstrate how simple it had become.
Allan Liska from Recorded Future put the danger plainly: “Right now, iPhone exploitations are among the most expensive to research and implement. If anyone can exploit an iPhone, suddenly something that has been relatively secure is now a much bigger attack surface.”
Rocky Cole, co-founder of iVerify, said it directly: “I would assume that it’s being used all around the world, including here in the United States.”
Which iPhones Are at Risk?
DarkSword targets iPhones running iOS versions 18.4 through 18.7.
Apple estimates that roughly 25% of all active iPhones are still running iOS 18. That works out to approximately 221 million devices globally.
The six security flaws that DarkSword exploits have all been patched by Apple. But the patch only protects you if you have installed it.
If your iPhone is running iOS 18.4 to iOS 18.7 and you have not updated, you are vulnerable right now.
What CISA Just Ordered
The US government took notice. The Cybersecurity and Infrastructure Security Agency, CISA, added three of the six DarkSword vulnerabilities to its official list of actively exploited security flaws on Friday.
All federal civilian agencies have been ordered to patch their devices by April 3. That is a hard deadline.
CISA also urged every private organization and individual to treat this as a priority and update their devices as soon as possible.
That last part applies to you.
DarkSword Is Not the Only One
DarkSword is actually the second iPhone exploit kit to be publicly disclosed in less than a month.
Two weeks before DarkSword was discovered, researchers found another tool called Coruna. It contained five full iPhone exploit chains and 23 separate vulnerabilities. Coruna was originally developed by a US defense contractor called L3Harris.
Both tools were originally designed for professional spies. Both have now been used by cybercriminals chasing cryptocurrency. Both were made publicly accessible in ways their creators did not intend.
That pattern is alarming. The most sophisticated phone hacking tools in the world are escaping their intended users and spreading into the broader criminal market. Once that happens, it cannot be undone.
What You Need to Do Right Now
The fix is simple. Update your iPhone.
Open your Settings app. Tap General. Tap Software Update. Install the latest version available for your device.
Apple recommends updating to iOS 18.7.6 or iOS 26.3.1. Either version patches all six DarkSword vulnerabilities.
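For anyone responsible for more than one device, the version numbers above can be turned into an inventory check. The Python below is an added example, not code from Apple, iVerify or anyone quoted in this article; the CSV layout, the device names, and the choice to treat every build from 18.4 up to (but not including) 18.7.6 as targeted are assumptions.

```python
import csv
import io

# Version numbers come from the article; how they are combined is this example's assumption.
TARGETED_MIN = (18, 4)   # lowest iOS major.minor the article says DarkSword targets
TARGETED_MAX = (18, 7)   # highest iOS major.minor the article says DarkSword targets
FIXED_18 = (18, 7, 6)    # recommended build on the iOS 18 train
FIXED_26 = (26, 3, 1)    # recommended build on the iOS 26 train

# Constructed sample inventory (hypothetical MDM export, not real devices).
SAMPLE_INVENTORY = """device,os_version
exec-iphone-01,18.5
field-iphone-07,18.7.6
lab-iphone-02,18.7.2
kiosk-iphone-03,17.6.1
dev-iphone-11,26.3.1
byod-iphone-19,unknown
"""

def parse_version(text):
    """Turn '18.6.2' into (18, 6, 2), padding missing parts with zeros."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3 or any(p < 0 for p in parts):
        raise ValueError(f"unrecognised iOS version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def classify(text):
    """Return 'patched', 'targeted', 'update-recommended' or 'unknown'."""
    try:
        v = parse_version(text)
    except ValueError:
        return "unknown"          # unreadable version: needs a manual check
    if v >= FIXED_26 or (v[0] == 18 and v >= FIXED_18):
        return "patched"
    if TARGETED_MIN <= v[:2] <= TARGETED_MAX:
        return "targeted"         # inside the range the article names, and unpatched
    return "update-recommended"   # outside the named range but below a recommended build

def triage(csv_text):
    """Group device names by classification."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        report.setdefault(classify(row["os_version"]), []).append(row["device"])
    return report

if __name__ == "__main__":
    for status, devices in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(devices)}")
```

Devices that land in "unknown" deserve the same urgency as "targeted" until their version is confirmed.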
If you are a journalist, activist, lawyer, or anyone else who might be targeted specifically, Apple also recommends enabling Lockdown Mode. Go to Settings, then Privacy and Security, then scroll down to Lockdown Mode and turn it on. It makes your phone slightly harder to use but significantly harder to hack.
Apple spokesperson Sarah O’Rourke said it clearly: “Keeping your software up to date is the single most important thing you can do to maintain the security of your Apple products.”
The tool is out. The fix exists. The only question is whether you install it before someone uses DarkSword against you.
