A recently discovered iOS exploit chain, dubbed DarkSword, poses a significant threat to unpatched iPhones, leveraging six vulnerabilities in iOS and Safari to deploy malware on devices. This exploit chain has been utilized by multiple actors in targeted attacks since late last year, according to researchers at Google1. The vulnerability affects iPhones running iOS versions 18.4 through 18.7, and users can be infected simply by visiting a malicious or compromised website, making it a drive-by attack. The fact that multiple vulnerabilities are combined to create this exploit chain highlights the importance of keeping devices up to date with the latest security patches. As a result, iPhone users who have not updated their devices to the latest iOS version are at risk of being infected with malware, so practitioners should prioritize patching these vulnerabilities to prevent potential attacks.
A DarkSword hangs over unpatched iPhones
⚡ High Priority
Why This Matters
The exploit works against iPhones running iOS versions 18.4 through 18.7, and simply visiting a malicious or compromised website with a vulnerable device can be enough to get.
References
- Malwarebytes Labs. (2026, March 19). A DarkSword hangs over unpatched iPhones. *Malwarebytes*. https://www.malwarebytes.com/blog/mobile/2026/03/a-darksword-hangs-over-unpatched-iphones
Original Source
Malwarebytes Labs
Read original →