The “golden age” of mobile security is facing a severe test this March. Following the discovery of the Coruna spyware earlier this month, a new and more aggressive threat named DarkSword has emerged, proving that even the most modern iPhone operating systems are not immune to state-level exploitation.
Also Read | Imran Khan and Bushra Bibi Sentenced to 17 Years in Jail
How DarkSword Works: The 6-Link Chain
DarkSword is what researchers call an “Exploit Kit.” It doesn’t rely on a single bug but chains six different vulnerabilities together to bypass Apple’s multi-layered defenses.
-
The Entry: It starts in Safari (WebKit). Simply loading a compromised webpage triggers the code.
-
The Escape: It “pivots” out of the browser’s sandbox into the device’s GPU process.
-
The Takeover: Finally, it exploits the XNU Kernel to gain “root” privileges—effectively giving the hacker total control over the phone.
DarkSword vs. Coruna: A Deadly Duo
March 2026 has seen a “one-two punch” in iOS exploits.
| Feature | Coruna (Found March 3) | DarkSword (Found March 18) |
| Target OS | iOS 13.0 to 17.2.1 | iOS 18.4 to 18.7 |
| Focus | Long-term surveillance | “Hit-and-Run” exfiltration |
| Stealth | High (Deeply embedded) | Extreme (Memory-only; wipes logs) |
| Primary Target | Political/Journalistic | Political + Financial (Crypto) |
Is Your iPhone at Risk?
If you are running iOS 18.4, 18.5, 18.6, or 18.7, you are within the “DarkSword Strike Zone.”
Researchers found the malware on dozens of compromised Ukrainian government and news sites, as well as a fake Snapchat-themed site used to target users in the Middle East. Because the exploit is “fileless” (it runs in the phone’s temporary memory), a simple restart will clear an active infection—but it won’t prevent you from being re-infected the next time you browse a compromised site.
Also Read | Imran Khan and Bushra Bibi Sentenced to 17 Years in Jail
Reality Check
While the headlines mention “millions at risk,” the threat is highly concentrated. If you are a standard user who keeps their apps updated and stays on the latest version of iOS, you are safe. Apple has already “burnt” this exploit by patching the underlying bugs in its March 2026 updates. The danger lies entirely with the “Update Laggards”—the roughly 18% of the user base that ignores software update notifications.
The Loopholes
Apple claims updates are the primary defense. In fact, this is a “Hygiene Loophole”—as iOS becomes more complex, the “attack surface” grows, allowing hackers to find “n-day” exploits (bugs that are patched but still exist on millions of un-updated phones). Still, the “Lockdown Loophole” remains; even on vulnerable versions of iOS 18, enabling Lockdown Mode successfully blocks the DarkSword exploit chain by disabling the specific Safari features it relies on.
Also Read | Imran Khan and Bushra Bibi Sentenced to 17 Years in Jail
What This Means for You
If you own an iPhone, stop what you are doing and check your settings. * The Update: Go to Settings > General > Software Update. Ensure you are on iOS 26.3.1 (or 18.7.6 for older hardware).
-
The Shield: If you are a journalist, activist, or handle significant cryptocurrency, enable Lockdown Mode (Settings > Privacy & Security > Lockdown Mode). It will make Safari slightly slower, but it makes you virtually “unhackable” by tools like DarkSword.
-
The Habit: Avoid clicking links in unsolicited SMS or “Snapchat” invites, as these are the primary delivery vectors for the initial “trap.”
What’s Next
Expect Apple to push a “Rapid Security Response” or a “Critical Security Update” alert to all older iPhones within the next 48 hours. Then, look for Google’s Safe Browsing to start flagging hundreds of “watering hole” domains associated with this campaign. Finally, expect major cryptocurrency exchanges to issue warnings to mobile users to move high-value assets to hardware wallets until the “DarkSword” wave subsides.
Also Read | Imran Khan and Bushra Bibi Sentenced to 17 Years in Jail
End…….
