Overview
- Apple released security fixes, including iOS/iPadOS/macOS 26.3.1 and back‑ports such as iOS 18.7.3, 16.7.15 and 15.8.7, and urges users to install updates now.
- DarkSword enables rapid hit‑and‑run data theft, pulling messages, emails, passwords, health data, browser history, contacts and crypto‑wallets within minutes before removing traces.
- The exploit chain targets iPhones on iOS 18.4 to 18.7, leaving an estimated 200 million or more devices vulnerable if not updated.
- Google’s Threat Intelligence Group, Lookout and iVerify link the kit to multiple campaigns since at least November 2025, with activity seen in Ukraine, Turkey, Saudi Arabia and Malaysia and use by a group tracked as UNC6353.
- For devices that cannot receive patches, experts recommend enabling Lockdown Mode and exercising extreme caution with links and untrusted webpages.