Apple responds to DarkSword spyware, the hacker tool targeting iPhones
A new form of iPhone threat is emerging that targets devices by steering users to compromised websites, without requiring any malware download. The toolkit, dubbed DarkSword, operates through web-driven exploits that activate when a user visits a tainted page.
Apple has outlined how it addressed the issue and what protectors exist for users. The company notes that the core iOS vulnerabilities exploited by the toolkit were patched in a previous security update. For owners of older devices unable to install the patched builds, Apple issued an emergency software update on March 11 to bridge the protection gap.
Devices running iOS 15 through iOS 26 are reported to have protections that prevent the spyware from functioning as designed. Users still on iOS 13 or iOS 14 are advised to upgrade to iOS 15 to receive these safeguards. Those on earlier versions should expect a Critical Security Update notification in the coming days to guide them toward a secure contact point.
Researchers have described DarkSword as a drive-by style threat: it can operate without requiring the user to download a malignant file. Apple reiterates that its Safe Browsing technology in the browser blocks known dangerous destinations, reducing the risk for users who encounter compromised sites.
Beyond patching, Apple points to additional defensive measures: enabling stronger authentication, avoiding unfamiliar links or attachments, and keeping devices current with the latest security updates. The company also shares broader guidance on defending against web-based attacks and practical steps users can take to minimize exposure.
Newer iPhone hardware includes extra protections that constrain certain sensitive behaviors and enforce integrity checks, creating a further hurdle for attempts to inject unauthorized code. When combined with regular software updates and robust device defenses, these measures form a layered shield against browser-driven compromises.
In practical terms, the takeaway is straightforward: keep devices up to date, enable strong authentication, and approach unfamiliar websites with caution to reduce the likelihood of encountering exploits like DarkSword.
