Updated: March 25, 2026 Hundreds of millions of iPhone and iPad owners face a serious new threat. A powerful spyware tool called DarkSword just leaked online, giving hackers an easy way to target devices running outdated iOS software.
This is not another vague warning. Security researchers from iVerify, Lookout, and Google have confirmed the leak turns once-elite hacking tools into something anyone can use. The good news? A simple update can stop it cold.
Here’s your clear, step-by-step guide to understanding the risk and protecting your device today.
What Is DarkSword and Why Did It Leak?
DarkSword is a sophisticated iOS exploit kit designed to silently infect devices through compromised websites (a technique known as “watering hole” attacks). The leaked version—simple HTML and JavaScript files—appeared on GitHub in recent days.
No advanced coding skills required. Researchers say the files can be deployed in minutes, even by less-experienced attackers. A security hobbyist demonstrated the exploit live on an iPad mini running iOS 18, proving how straightforward it has become.
This leak “democratizes” iPhone hacking. Tools once reserved for nation-states are now available to cybercriminals worldwide.
Which Devices Are Vulnerable?
The exploit primarily hits iPhones and iPads on iOS 18 (versions 18.4 through 18.7 and earlier, before Apple’s latest patches). Apple has released fixes in newer iOS versions, but many users delay updates.
Key statistics (based on public device data):
- Roughly 220–270 million devices worldwide remain exposed.
- That’s about 14–25% of all active Apple devices globally.
- Older iPads running the same iOS versions are also at risk.
| iOS Version Range | Estimated Devices at Risk | Status |
|---|---|---|
| iOS 18.4 – 18.7 | 220–270 million | Vulnerable until updated |
| iOS 19+ (latest) | Minimal | Protected by patches |
| Older than iOS 18 | Lower risk (separate patches applied) | Still update anyway |
What Can Hackers Steal?
Once inside, DarkSword pulls a wide range of sensitive information and sends it to attacker-controlled servers. Targets have included users in Ukraine, China, Saudi Arabia, Turkey, and Malaysia—showing the threat crosses borders quickly.
Data at risk includes:
- Contacts, messages, and call history
- Saved passwords and Wi-Fi credentials
- Browser history and location data
- Notes, calendar entries, and health information
- Cryptocurrency wallet details
Cybercriminals can use this for identity theft, financial fraud, or even targeted surveillance.
How the Attack Works (Simple Breakdown)
- You visit a compromised website (often disguised as a trusted service).
- Malicious code exploits a flaw in older iOS versions.
- Spyware installs silently—no click needed in many cases.
- Data streams to the attacker.
Apple has blocked known malicious domains and issued emergency patches, but outdated devices stay exposed.
Apple’s Official Response
Apple confirms devices on the latest iOS versions are safe. The company states: “Keeping your software up to date is the single most important thing you can do to maintain the security of your Apple products.”
Apple also recommends Lockdown Mode for high-risk users—it blocks the attack vectors entirely, with zero reported infections when enabled.
5 Steps to Protect Your iPhone Right Now
Follow these actions today—each takes under two minutes:
- Update iOS immediately Go to Settings > General > Software Update. Install the latest version (iOS 19 or newer where available). Emergency patches were released as recently as March 11 for older devices.
- Enable automatic updates In the same menu, turn on “Automatic Updates” so you never fall behind again.
- Turn on Lockdown Mode (optional but powerful) Settings > Privacy & Security > Lockdown Mode. Ideal for journalists, activists, or anyone handling sensitive data.
- Avoid suspicious links Never click unknown URLs, even if they look official.
- Check for signs of compromise Unusual battery drain, overheating, or data usage spikes can be early warnings—restart your device and update immediately.
Quick Protection Checklist
| Action | Time Required | Effectiveness |
|---|---|---|
| Install latest iOS | 5–10 minutes | High |
| Enable Lockdown Mode | 30 seconds | Very High |
| Turn on auto-updates | 20 seconds | Ongoing |
| Review app permissions | 2 minutes | Medium |
Why This Leak Matters in 2026
iPhone exploits used to cost hundreds of thousands of dollars and required nation-state resources. Public leaks like DarkSword change the game. Cybersecurity experts warn we could see a surge in attacks over the coming weeks.
The incident also highlights a broader truth: even the most secure devices depend on timely updates from users.
Frequently Asked Questions
Q: Do I need to worry if I updated last month? A: No. Newer iOS versions include the fixes. Only older iOS 18 builds are affected.
Q: Is my data already stolen? A: Not necessarily. Check for updates and monitor accounts for unusual activity. Consider changing passwords from another device.
Q: What about Android users? A: This specific leak targets Apple devices only. Android has its own separate threats—always keep those updated too.
Q: Should I enable Lockdown Mode permanently? A: It limits some features (like certain websites and attachments). Use it if you’re in a high-risk group; otherwise, regular updates are enough for most people.
Stay One Step Ahead
The DarkSword leak is a wake-up call, not a reason to panic. Apple’s security model remains strong when users do their part. Update now, enable protections, and you remove yourself from the millions still at risk.
Bookmark this page and check back for updates. Your digital safety is worth five minutes of your time.
Sources include coordinated research from iVerify, Lookout, Google Threat Intelligence, and official Apple statements.