Apple Responds to DarkSword Spyware, the Hacking Tool Aimed at iPhones

Uncategorized Mihnea

A multitude of articles, including coverage from Mashable, were released on Wednesday regarding a new hacking tool named DarkSword that is being utilized to target iPhones. Apple has now conveyed important details to Mashable concerning the threat and how it is being addressed.

Apple stated that last year, it patched the fundamental iOS vulnerabilities that the spyware took advantage of. Moreover, an emergency software update was also rolled out for iOS 15 and iOS 16 on March 11 for older iOS devices that were unable to upgrade to the latest, patched versions of iOS.

According to Apple, any user operating iOS 15 through iOS 26 is safeguarded against DarkSword spyware.

However, users on iOS 13 or iOS 14 must upgrade to iOS 15 to obtain the same protections for their devices. Apple noted that those continuing to use these outdated versions of iOS will receive a notification to install a Critical Security Update in the coming days.

Apple also disclosed that security researchers have verified that DarkSword spyware and similar exploits are ineffective on devices with Apple’s optional Lockdown Mode security feature enabled. Additionally, users of the iPhone 17 are shielded from such attacks due to the Memory Integrity Enforcement capability included in that model.

On Wednesday, Google, along with cybersecurity companies Lookout and iVerify, released in-depth reports concerning DarkSword, a new hacking toolkit being used by malicious actors, including a well-known hacking group linked to the Russian government. One of the most alarming features of DarkSword is that it doesn’t require the target to download any malware or other harmful files. Instead, DarkSword is operational simply when a target visits a compromised webpage.

Apple mentioned that Apple Safe Browsing in Safari blocks all recognized malicious URLs flagged by Google.

Apple also provided further general security and safety advice, such as employing two-factor authentication for logins, avoiding clicks on unfamiliar links or attachments, and consistently updating your devices’ software.

Additionally, Apple has published more details about how it safeguards users from these web-based assaults in a post available on its website.