What happened
Researchers uncovered a new iOS exploit known as DarkSword that is being used in infostealer attacks targeting Apple iPhones, allowing attackers to extract sensitive user data through malicious web links. The exploit targets devices running older versions of iOS and leverages multiple vulnerabilities in Safari to gain access to data such as messages, credentials, and cryptocurrency wallets. Security researchers, including teams from Google Threat Intelligence Group, Lookout, and iVerify, found that the attack uses a “hit-and-run” approach, rapidly collecting data and disappearing without leaving persistent malware on the device. The exploit has been observed in campaigns targeting users across multiple countries, with attackers embedding malicious code in compromised websites to trigger infections when visited.
Who is affected
Users running older or unpatched versions of Apple iOS are affected, particularly those who access compromised or malicious websites, because the exploit can silently extract sensitive data from targeted devices.
Why CISOs should care
The campaign shows how advanced iOS exploits are being used in real-world infostealer operations, enabling rapid data theft without persistent malware and increasing risk across mobile enterprise environments.
3 practical actions
- Ensure iOS devices are updated. The exploit targets outdated iOS versions that have since received security patches.
- Monitor for abnormal mobile traffic. Detect unusual connections that may indicate data exfiltration from compromised devices.
- Restrict access to untrusted websites. Prevent exposure to malicious domains hosting exploit payloads.
