US agencies ordered to patch iPhone flaws linked to DarkSword spyware
US cybersecurity authorities have ordered federal agencies to urgently patch critical iPhone vulnerabilities exploited by a sophisticated hacking tool known as DarkSword, as Apple warned users to update their devices.
The Cybersecurity and Infrastructure Security Agency instructed agencies to fix the flaws within two weeks, underscoring the severity of the threat. The vulnerabilities affect iOS versions 18.4 to 18.7 and allow attackers to fully compromise devices without user interaction beyond visiting a malicious website.
The DarkSword tool was disclosed on March 18 by Google’s Threat Intelligence Group in coordination with cybersecurity firms Lookout and iVerify. It exploits six security flaws to gain access to sensitive data, including passwords, messages, iCloud content, photos, location history and cryptocurrency wallet credentials. After extracting data, the tool deletes its traces within minutes.
Researchers said DarkSword has been in use since at least November 2025 by multiple actors, including a Turkish surveillance software vendor and a suspected Russian-linked espionage group identified as UNC6353. The group deployed the tool through “watering hole” attacks on legitimate news and government websites, targeting users in countries such as Saudi Arabia, Turkey, Malaysia and Ukraine.
Security experts noted that the tool is designed for rapid data collection rather than long-term surveillance. Once the targeted information is obtained, it removes any evidence of compromise and shuts down, making detection more difficult.
Apple said devices running updated versions of iOS are already protected. The company issued additional patches earlier in March for older systems, including iOS 15 and iOS 16, to extend protection to legacy devices. iPhones still operating on outdated software such as iOS 13 or 14 are urged to upgrade to at least iOS 15.
The company emphasized that keeping software up to date is the most effective way to prevent exploitation. For users unable to update, researchers recommend enabling Lockdown Mode, a security feature designed to limit attack surfaces.
Despite these measures, a significant portion of devices may remain exposed. Apple estimates that roughly 24 percent of iPhones still run versions of iOS 18, potentially leaving hundreds of millions of devices vulnerable.
