A group of researchers have identified a vulnerability in iOS 18 that allows hackers to access sensitive iPhone data.
As first reported by Wired, the Google Threat Intelligence Group and its associates discovered the exploit, which is dubbed “DarkSword” and leverages malicious links against those running iOS 18.4 to 18.6.2. Once a user accesses a compromised website, DarkSword launches “six different vulnerabilities” onto Safari, enabling bad actors to steal data like texts, contacts, photos, wallets and more.
Google says it reported the vulnerability to Apple late last year, although the iPhone maker wouldn’t comment to Wired. However, a spokesperson for Apple later told The Verge that it patched all “underlying vulnerabilities” last year and rolled out an additional “emergency software update last week for older devices that were unable to update to more recent versions of iOS.”
As Wired notes, up to 270 million devices still run the impacted versions of iOS 18, so it was especially important to spread the word about DarkSword. Google says it suspects that Russian state-sponsored hackers are behind the vulnerability. Apple, meanwhile, says the “single most thing users can do” to protect their devices is to keep their software up to date.
