RSS
Last updated: May 13, 2026 at 5:42 AM UTC
All 208 Vulnerability 72 Breach 41 Threat 88 Defense 7
Tag: iphone (3 articles)Clear
defense
CVE-2025-31277CVE-2025-43529CVE-2026-20700CVE-2025-14174CVE-2025-43510CVE-2025-43520
2026-04-01

Apple breaks policy to push DarkSword patches to millions more iOS 18 iPhones

In an unusual move, Apple expanded iOS 18.7.7 to cover far more devices on April 1 - breaking its normal practice of using security updates to push users to the newest OS. Around 20% of iPhones remain on iOS 18 (some by choice, some because they can't run iOS 26), and Apple now considers the DarkSword threat serious enough to backport protections rather than leave those users exposed. The update covers iPhone XR through iPhone 16e and multiple iPad generations. Devices with Automatic Updates enabled get it without user action.

appleiosdarkswordiphonebackport-patch
Check
Check your MDM for any managed iPhones or iPads still running iOS 18.4 through 18.7 without the 18.7.7 update.
Affected
iPhones and iPads running iOS/iPadOS 18.4 through 18.7 that haven't received the 18.7.7 update. Roughly 20% of all iPhones are still on iOS 18.
Fix
Push iOS 18.7.7 via MDM or ensure Automatic Updates is enabled. For maximum protection, upgrade to iOS 26.4 or enable Lockdown Mode on high-risk devices. Apple confirms Lockdown Mode blocks DarkSword attacks.
threat
CVE-2026-20700
2026-03-28

Russian APT TA446 weaponizes leaked DarkSword exploit kit to target iPhones via spear-phishing

The leaked DarkSword iOS exploit kit is already being weaponized. Proofpoint attributes a new spear-phishing campaign to TA446 (also known as COLDRIVER/Star Blizzard), a Russian FSB-linked group that has never previously targeted Apple devices. The emails spoof Atlantic Council discussion invitations and redirect iPhone users to the exploit kit, which deploys the GHOSTBLADE dataminer. Proofpoint warns the targeting is unusually broad - hitting government, finance, legal, and education sectors.

ta446coldriverdarkswordiosiphonespear-phishingrussia
Check
Ensure all company iPhones and iPads are updated, and alert staff about spoofed discussion invitation emails.
Affected
iPhones running iOS 18.4 through 18.7.1. TA446 targets government, think tank, higher education, financial, and legal organizations.
Fix
Update to iOS 18.7.2 or later. Block the domains escofiringbijou[.]com, motorbeylimited[.]com, and bridetvstreaming[.]org. Enable Lockdown Mode on high-risk devices.
threat
CVE-2026-20700CVE-2025-43529CVE-2025-14174
2026-03-23

DarkSword iOS exploit kit leaked on GitHub - hundreds of millions of unpatched iPhones at risk (CVE-2026-20700)

A government-grade iPhone hacking toolkit called DarkSword was leaked on GitHub on March 23 - and researchers say it's trivially easy to use. Written entirely in HTML and JavaScript, anyone can host it and hack iPhones running iOS 18.4 through 18.7.1. It chains six vulnerabilities including three zero-days for full device takeover, stealing messages, location data, and crypto wallets. Roughly a quarter of all iPhones remain on vulnerable versions.

appleiosiphonezero-dayexploit-kitgithub
Check
Check all company iPhones and iPads for outdated iOS versions.
Affected
iOS 18.4 through 18.7.1. Also iOS 13 through 17.2.1 via the related Coruna exploit kit.
Fix
Update to iOS 18.7.2 or later (or iOS 26.3). Enable Lockdown Mode on high-risk devices. Push MDM policies to enforce updates.