iPhones hacked without users' knowledge: iOS vulnerabilities exploited via simple websites

An iPhone is reassuring. The device is sleek, secure, stamped with the Apple logo, and marketed as a pocket-sized safe. However, in recent months, cybersecurity researchers have uncovered a less comfortable reality: iOS vulnerabilities have been exploited to compromise devices without their owners noticing anything amiss, simply by browsing a website on a mobile browser.

On Wednesday, March 18, these experts described a formidable mechanism, now patched: the infection required neither frantic clicking of a suspicious button nor the installation of an obscure application. Visiting a malicious webpage was enough. Analyses corroborated by several industry players indicate that the targeted iPhones were running older versions of iOS, between iOS 18.4 and 18.7, a range broad enough to affect users who postpone updates, either out of laziness or misplaced caution.

At the heart of the matter is an exploit chain integrated into a toolkit dubbed "DarkSword," identified by Lookout's team. Once the door is opened, the tool would work to siphon sensitive data: saved passwords, photos, SMS messages, call logs, browsing and location history, not to mention content linked to messaging apps like Telegram or WhatsApp. The kind of inventory that transforms a phone into an open diary on the living room table.

DarkSword, the toolbox that fits in your pocket

What's striking is the industrial scale. According to researchers, the vulnerabilities have been exploited by several actors since at least November 2025. A malicious website targeting Saudi internet users presented itself as a resource for Snapchat users, a classic way to lure them in without raising suspicion. Other operations detected in Malaysia and Turkey are attributed to an unidentified state client of PARS Defense, a Turkish company that sells surveillance tools.

Ukraine also appears on the radar, through malicious websites targeting the Ukrainian public, in a campaign attributed to a Russian group. This discovery comes in the wake of a Google report on "Coruna," a technique described as similar and also attributed, among others, to the same Russian actor against Ukrainian targets. The message is clear: the Apple ecosystem is not a sanctuary; it is a hunting ground like any other when state or state-sponsored forces are involved.

Apple, for its part, regularly releases patches and hammers home a simple piece of advice: keep iOS up to date. On paper, it's digital hygiene; in practice, it's a discipline, almost a routine, as attacks become increasingly sophisticated. The persistent impression remains that consumer security now hinges on a single detail, a version, a delayed update… and that the next attack is already waiting for its opportunity.
