'Darksword' exploit just went global: Millions of iPhones now wide open to hackers

The DarkSword exploit that targets older versions of iOS continues to lurk as its unfortunately been uploaded to GitHub, the code repository platform. It has reportedly been patched, so you'll want to update your iPhone right now.

DarkSword was disclosed last week and caused alarm since it could be used to secretly install malware on iPhones running iOS versions 18.4 through 18.7. That initial disclosure suggested that the exploit was only being used by some malicious hacker groups and surveillance groups with a focus on businesses and governments.

However, TechCrunch is reporting that someone leaked the kit on GitHub and that it "will work out of the box." The leaker appears to have captured the attack in the wild.

Now it's in the wild

According to comments on the leak, the leak is a newer version of DarkSword and it “reads and exfiltrates forensically-relevant files from iOS devices via HTTP." This means that it can steal sensitive information from your iPhone or iPad and then send that data over the internet to a bad actor-controlled server.

The leaked exploit is both a boon and burden. Having access to a ready-to-go hack means that cyber criminals can quickly deploy it for their own plots. However, it also means that security vendors and Apple know exactly how the exploit works and can use it to bolster their defenses.

So far, DarkSword has proven to only work on the older iOS 18. Apple spokespeople previously told Tom's Guide that iOS versions 15 through iOS 26 are safe. If you are still on iOS 13, 14 or 18.4 through 18.7 you'll want to update immediately. Apple even released a support page urging iPhone owners to update, a rare move from the company.

“If you have kept your iPhone software up to date, then you are already protected,” the page reads. “We released a software update for iOS 15 and iOS 16 on March 11, 2026, to extend protection to older devices that cannot update to the latest version of iOS.”

How to stay safe

Immediately update your iPhone to ensure you've got the latest protections. Everything after iOS 18.7.6 appears to be safe.

Apple noted that iPhone 17 models come with a new Memory Integrity Enforcement feature, an always-on memory safety protection that is meant to help block spyware.

Initial reports suggested that DarkSword was being used to target Ukrainians by Russian hacker groups. But if you feel that you might be targeted, consider turning on Lockdown Mode, which has been available since iOS 16.

There isn't an iOS equivalent of the best Android antivirus apps, but one of the best Mac antivirus software programs can scan an iPhone or iPad for spyware and other malware. Connecting your iPhone to a Mac allows Intego’s Mac antivirus to scan it for viruses.

We don't see iPhone exploits all that often but when we do, they're usually quite complicated and leverage multiple vulnerabilities like we see here with DarkSword. Given how much valuable data is stored on the best iPhones, it won't be long until we see a similar exploit making the rounds online.

Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.

More from Tom's Guide

• Apple could announce plans to bring ads to Apple Maps before the end of the month — and I hate that
• I walked 5,000 steps with the Garmin Forerunner 570 vs Apple Watch Ultra 3 — and the winner was nearly too close to call
• 'The MacBook Neo is just an iPad with a keyboard' — here’s why that is utterly wrong