Researchers have uncovered a new iOS exploit kit dubbed “DarkSword” that is used to steal data from potentially millions of iPhones running iOS 18.4 through 18.6.2. The attack is linked to the Russian hacking group UNC6353, which recently used the Coruna exploit chain reported by Google and iVerify.
Brian Bell, CEO of customer identity and access management platform FusionAuth, provided the following comments:
“When a device can be silently compromised when visiting a website, perimeter-based and device-based security collapse. That’s not a future risk, it’s the current reality for anyone with a mobile user base.
The right response isn’t to wait for your users to patch. It’s to build authentication that assumes the device is already compromised. Short-lived tokens, step-up authentication before sensitive actions, forced re-authentication when signals change. Design for the breach, not against it.
And here’s the piece that most teams miss: most authentication platforms are SaaS; your token policies, session controls, and audit logs live in someone else’s cloud, under someone else’s access controls. But when authentication runs inside your own infrastructure, isolated from external dependencies, a compromised device doesn’t cascade into a compromised system. Identity is your last defense, so make sure you own it.”
If you are worried about this new exploit, the fix is simple: update to iOS 26, as that apparently is not affected. The most recent version of iOS 18, which at the time of this article is 18.7.3, is also not affected. But I would just go straight to iOS 26, as it is likely to protect you from more than this single exploit.
This entry was posted on March 18, 2026 at 2:01 pm and is filed under Commentary with tags Hacked.
“DarkSword” iOS Exploit Can Steal Data from iPhones