A sophisticated malware campaign has targeted iPhone users, exploiting a chain of six distinct security flaws. Researchers with a specialized threat intelligence group uncovered a toolkit, dubbed DarkSword, responsible for crafting three malicious families – Ghostblade, Ghostknife, and Ghostsaber – designed to compromise Apple’s mobile operating system.
The vulnerabilities within iOS versions 18.4 through 18.7 allowed attackers to silently install malware without requiring physical access to the device. Instead, malicious code was embedded within seemingly ordinary websites, waiting to execute upon a user’s visit.
Once activated, this JavaScript-based malware could steal sensitive personal data, surreptitiously record audio, and pinpoint a user’s location using cellular network information. All collected data was then transmitted to servers controlled by the attackers.
Fortunately, Apple has addressed each of these vulnerabilities. Patches were released across several iOS updates, with the final fixes arriving in iOS 26.3. Currently, the latest available version is iOS 18.7.6, released earlier this month.
The threat actors behind DarkSword specifically targeted individuals in Malaysia, Saudi Arabia, Turkey, and Ukraine. This geographic focus suggests a deliberate and targeted campaign, rather than a widespread, indiscriminate attack.
The specific security flaws exploited are cataloged within the Common Vulnerabilities and Exposures (CVE) database: CVE-2025-14174, CVE-2025-31277, CVE-2025-43510, CVE-2025-43520, CVE-2025-43529, and CVE-2026-20700. Each CVE entry details the nature of the vulnerability and the corresponding iOS version where it was resolved.
While iPhones are generally considered secure, this incident serves as a stark reminder that no device is entirely immune to attack. Maintaining vigilance and promptly installing software updates are crucial steps in safeguarding your digital life.
Apple strongly recommends that all users update to the newest iOS version compatible with their device. This ensures that the latest security protections are in place, shielding against known threats and bolstering overall device security.