Think your iPhone is secure? This new iOS 18 hack may change that
A new iOS exploit can steal users' private information from their iPhones simply by users visiting an infected website on Safari web browser.
You may be interested in
If you haven’t updated your iPhone in a while, now might be a good time to do so. Earlier this week, security researchers from Google and two cybersecurity firms, Lookout and iVerily, shared their findings of a new hacking technique that steals user’s data – all from visiting a wrong website on their iPhones. The exploit called “DarkSword” was first discovered in late 2025. Since then, it has been used to target iPhone users in Saudi Arabia, Turkey, Malaysia and Ukraine.

"...if you’re using an older version of iOS and were to click a malicious link or visit a compromised website, the data on your iPhone might be at risk of being stolen," Apple wrote in its security blog.
What is DarkSword and what information can it steal?
DarkSword is not a single exploit. Instead, it uses a combination of six different vulnerabilities in iOS versions 18.4 through 18.7 to target vulnerable iPhones. It uses 'hit-and-run' technique to steal users' highly sensitive data before erasing its presence to avoid detection.
iVerify says that DarkSword works as a "1-click exploit" that can be hosted on any website to target vulnerable iPhones that visit it through Apple's Safari web browser. Simply put, unlike most malware DarkSword doesn’t need to be installed on a vulnerability. It can be triggered simply by the user visiting an infected website. Once the hack has been triggered, it can be used to steal sensitive data from compromised iPhone models.
So, what information can it steal? According to Google's Threat Intelligence Group, DarkSword can steal a wide variety of sensitive data from the compromised iPhones, which includes Wi-Fi passwords, text messages, call history, root location history, browser history, SIM card, cellular data, health data, notes and calendar databases. It can also steal details pertaining to crypto wallets from the compromised devices.
Who is affected by this exploit and how can I safeguard myself?
DarkSword primarily targets iPhones running iOS versions from 18.4 through 18.7, which arrived last year. Apple has since then moved on to iOS 26, with the latest version being iOS 26.3.1, which arrived earlier this month. So, if you are running the latest iOS version on your iPhone, your data is safe. However, if you are running an older iOS version, updating your iPhone to the latest available iOS version is the easiest way to safeguard yourself.
Apple says that iPhones running the latest and updated versions of iOS 15 through iOS 26 are already protected and that the devices running iOS 13 or iOS 14 must update to iOS 15 to receive these protections. The company also said that it will roll out an additional alert to install a Critical Security Update to these devices in the coming days.
Apple also says that users who are unable to update their iPhones can Lockdown Mode to protect their data.
ABOUT THE AUTHORShweta GanjooShweta Ganjoo is a Chief Content Producer at HT Tech. She has over 10 years of experience covering technology, during which time she has focused on consumer tech devices, AI, social media, gadgets, and tech policy, delivering authoritative and reader-focused insights across India’s fast-evolving digital ecosystem. She began her career in the early 2010s, building a strong foundation in digital-first reporting as India’s tech landscape rapidly expanded. Over the years, she has worked with leading media organizations including India Today Tech, Indian Express Group, and Techlusive, where she played a key role in scaling editorial content and audience engagement. At HT Tech, she drives product recommendation coverage, combining newsroom leadership with hands-on reporting experience. Her expertise spans smartphones, wearables, smart home devices, AI, and social media ecosystems, along with regulatory developments shaping the tech industry. Shweta is known for her analytical approach to product reviews and news coverage, grounded in hands-on testing and real-world usability. She has conducted industry interviews, tracked emerging tech trends, and produced research-backed stories using verified sources and expert inputs. She holds a masters in Mass Communication, which complements her professional experience in digital journalism and content strategy, and aligns with her academic background in technology. Shweta follows a reader-first editorial philosophy, prioritising accuracy, transparency, and fact-checked reporting to deliver reliable, insightful, and practical insights.Read More

E-Paper




Space Black





