Originally reported by WIRED Security
TL;DR
Russian threat actors have been discovered using DarkSword, a sophisticated zero-day exploit that can compromise iOS 18 devices simply by visiting infected websites. The technique potentially affects hundreds of millions of iPhones currently in use.
A zero-day exploitation tool actively used by nation-state actors against hundreds of millions of devices via drive-by attacks represents an immediate critical threat. The scale and accessibility of the attack vector (visiting infected websites), combined with confirmed active use, elevates this to maximum severity.
Russian threat actors are actively exploiting a previously unknown vulnerability affecting iOS 18 devices using a technique designated DarkSword, according to research published by WIRED Security. The exploit enables full device compromise through drive-by attacks that require only visiting a malicious website.
DarkSword represents a significant escalation in mobile device targeting, operating as a watering hole attack that requires no user interaction beyond navigating to an infected webpage. The technique affects devices running iOS 18, potentially impacting hundreds of millions of iPhones currently deployed globally.
The discovery marks another instance of nation-state actors successfully weaponizing zero-day vulnerabilities against mobile platforms, following previous campaigns targeting both iOS and Android ecosystems.
The drive-by nature of DarkSword attacks eliminates traditional user education defenses, as victims need not download applications or click suspicious links. This attack vector significantly lowers the barrier for successful exploitation and enables broad-scale targeting campaigns.
The technique's deployment by Russian operators suggests potential intelligence collection objectives, though specific targeting criteria and payload functionality remain under investigation.
Users and administrators of iOS devices should prioritize applying security updates as they become available from Apple. Organizations managing mobile device fleets should consider implementing additional network-level protections and monitoring managed devices for indicators of compromise.
The discovery underscores the continued evolution of nation-state mobile exploitation capabilities and the critical importance of maintaining current patch levels across mobile device infrastructures.