Overview
- Apple advised immediate updates, stating iOS 15 through 26 now include protections, with March 11 patches for iOS 15 and 16, critical security updates planned for devices stuck on iOS 13 or 14, and a recommendation to enable Lockdown Mode.
- Google Threat Intelligence Group, Lookout and iVerify disclosed DarkSword on March 18 as a six‑vulnerability iOS exploit chain that includes three zero‑days and enables full device takeover.
- Infection occurs through Safari by simply visiting a compromised legitimate website, requiring no taps or downloads to trigger the exploit.
- Operators use short‑lived, fileless payloads that target crypto wallets and credentials, extracting seeds, private keys and authenticator secrets in under 60 seconds before wiping traces.
- Researchers report multiple buyers and users of the kit, including state‑linked groups and a Turkish commercial vendor, with portions of code exposed online, and estimate more than 220 million devices were vulnerable before patches.