An attack targeting pre-iOS 26 iPhones has leaked online, making it easy for any hacker to adopt and abuse it.
The “DarkSword” attack raises alarm bells because it can be hosted on a website to secretly install malware on vulnerable iPhones using iOS 18.4 to 18.7. The iPhone merely needs to visit the malicious site via Apple’s Safari browser.
When the exploit was first disclosed, security researchers had only identified a few shadowy groups and surveillance vendors involved in the attack. But since then, the DarkSword code has been posted to GitHub. One of the security companies that warned about DarkSword, iVerify, says the leaked code “will work out of the box,” according to TechCrunch.
The leak appears to have come from an unnamed GitHub user who claims to have captured the attack in the wild. Though a suspected Russian hacking group was recently found using DarkSword to target Ukrainian iPhone owners, the mysterious GitHub user says they aren’t interested in Russian or Ukrainian politics, but wanted to expose the attack, calling it “sloppy tradecraft.”
Leaking the code is a double-edged sword; although cybercriminals can quickly adopt it for their own schemes, publicizing the exploit techniques can also force the entire industry to bolster its defenses to stop the threat.
The good news is that DarkSword has only been proven to work on older versions of iOS, although iOS 26 adoption has reportedly been slow. In a rare move, Apple published a support page urging iPhone owners to update to the latest version of iOS.
“If you have kept your iPhone software up to date, then you are already protected,” the company wrote. “We released a software update for iOS 15 and iOS 16 on March 11, 2026, to extend protection to older devices that cannot update to the latest version of iOS.”
Recommended by Our Editors
The company also noted that iPhones that activate Lockdown Mode, which can protect users from spyware threats, can also block DarkSword. For users with even older iPhones, Apple says: “Devices with iOS 13 or iOS 14 must update to iOS 15 to receive these protections and will receive an additional alert to install a Critical Security Update in the next few days.”
Still, it’s possible hackers could use DarkSword and improve upon it. One developer in Europe claims to have used the leaked code to develop a way to hack an even wider range of software versions, from iOS 15 to iOS 26.0.1, although his code remains untested at this point.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
About Our Expert
Michael Kan
Senior Reporter
Experience
I’ve been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I’m currently based in San Francisco, but previously spent over five years in China, covering the country’s technology sector.
Since 2020, I’ve covered the launch and explosive growth of SpaceX’s Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I’ve combed through FCC filings for the latest news and driven to remote corners of California to test Starlink’s cellular service.
I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. Earlier this year, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.
I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I’m now following how President Trump’s tariffs will affect the industry. I’m always eager to learn more, so please jump in the comments with feedback and send me tips.
Leave a comment