Khaberni - In one of the most complex cyberattacks that Apple's "iOS" operating system has recently witnessed, security researchers revealed a devastating security vulnerability called "DarkSword" (Dark Sword).
It is estimated that about 220 million iPhone devices are affected, representing 14% of the total global iOS users.
The new exploit, described as a "professional integrated platform," has been successfully used to steal passwords, cryptocurrency data, and private messages, targeting millions of users in specific geographic regions including Ukraine and Malaysia.
"GHOST" family: three weapons to steal your digital life
The investigation by experts from Lookout, in collaboration with Google's Threat Intelligence Group and iVerify, revealed that the exploit is not just a transient vulnerability but a malicious system spread across three separate families of software known as "GHOST," as follows:
Ghostblade: Specialized in harvesting comprehensive data, from crypto wallets to browsing logs and personal photos.
Ghostknife: Designed to break into registered accounts and read messages, call logs, and track geographic location history.
Ghostsaber: The executive tool that allows attackers to remotely execute codes and steal sensitive data.
6 vulnerabilities and tremendous destructive power
"DarkSword" relies on a series of 6 security vulnerabilities (CVEs) that have been technically tracked (including CVE-2026-20700 and CVE-2025-31277), where the exploit is delivered through hacked websites targeting the device's "Sandbox."
According to Stat Counter and Apptunix data, it is estimated that about 220 million iPhone devices are affected, representing 14% of the total global users of the iOS system, as reported in "Wired".
Timeline and targeted versions
The activity of this threat began in November 2025, primarily targeting devices operating on older versions, specifically from iOS 18.4 to iOS 18.7. iVerify's research suggests that the early versions of iOS 26 might also be vulnerable, making an immediate update imperative.
According to experts, Lookout stated that "DarkSword" reflects a massive engineering effort, as it was designed in a high-level programming language that ensures its "maintainability and future scalability," indicating the presence of professional entities behind its development.
Your complete guide to protection: How to secure your device now?
Reports confirmed that "Apple" has addressed these vulnerabilities in its recent updates. To protect your data, follow these steps:
Immediate update: If your device supports the latest systems, upgrade immediately to iOS 26.3.1.
Minimum security: For older devices that do not support the newer versions, it is necessary to update to iOS 18.7.6 at least, to cover the principal vulnerabilities.
Activate "Lockdown Mode": It is highly recommended to activate this mode available since iOS 16 to provide an additional layer of defense against sophisticated attacks.
External inspection: Due to the absence of direct antivirus programs on iOS, Mac users can connect their phones and scan them using software such as Intego Mac Antivirus to detect any remnants of spyware.
Despite the rarity of iPhone breaches compared to other systems, the emergence of "DarkSword" proves that the high value of data stored in these devices will always attract major internet hackers.
