0:00
0:00
Apple issues an unusual warning: this is how your iPhone can be hacked without you doing anything
Apple urges users to urgently update their iPhones after new research revealed advanced hacking tools targeting outdated iOS versions, enabling deep remote access and large-scale data extraction.
Apple has issued an unusual warning, urging iPhone users to update their devices immediately.
The reason is new cybersecurity research indicating that Russian intelligence, Chinese cybercriminals, and malicious hackers are using advanced tools to take control of devices running older versions of the iOS operating system.
These tools, called DarkSword and Coruna, are no longer isolated vulnerabilities but full exploit kits.
They were described this month by Google and cybersecurity firms iVerify and Lookout as tools that provide hackers with deep remote access to iPhones, including the ability to access all of their contents.
At iVerify, the extent of access these tools can gain was detailed.
“DarkSword is a surveillance and intelligence-gathering tool that extracts data on a large scale, including Wi-Fi passwords, text messages, call history, full location data, browsing history, SIM details, and cellular data.
In addition, it has the ability to extract data from health apps, notes, and calendars,” according to the company’s blog.
Apple, on the other hand, emphasized that these tools are effective only against devices running older versions of the operating system.
“Keeping software up to date is the most important thing users can do to maintain the security of their Apple devices,” said company spokesperson Sarah O’Rourke in an official statement.
According to security experts interviewed by the media, the findings are concerning.
Despite Apple’s reputation as a company that produces relatively secure devices, it appears that older versions of iOS are particularly vulnerable, and this gap is exactly what attackers exploit.
According to researchers, several groups have already been targeted using these tools, including Ukrainian civilians targeted by Russian intelligence; crypto users in China; and citizens in Saudi Arabia, Turkey, and Malaysia.
Researchers emphasize that these tools can easily be used against any user with an outdated operating system.
Apple also noted that iOS 26, launched last September, already includes the necessary protections against these hacking tools.
Last week, the company even took an unusual step and released a dedicated update for older devices that cannot upgrade to the new version, in order to block these attacks.
Instead of chasing the victim, the hacker waits for them.
According to cybersecurity experts, DarkSword and Coruna infect devices by means of a watering hole attack—a method in which the attacker does not directly pursue the victim, but waits for them on a website they already tend to visit.
Attackers identify a website popular among their target audience, breach it or create a fake version of it, and embed malicious code within it.
From the moment the user enters the site, the code exploits a vulnerability in the device, such as an outdated iPhone, and can infect it automatically without any download or suspicious click.
This is precisely why the attack is particularly dangerous—the user makes no mistake, but simply arrives at the wrong place.
However, it should be noted that hacking an iPhone is still considered a significant technical challenge.
These two tools rely on a complex chain of vulnerabilities working together to take control of the device, with their uniqueness lying in the ability to package this chain into ready-to-use kits for hackers.
According to Rocky Cole, Chief Operating Officer of iVerify, who spoke to NBC: “There is a sense that attacks on iPhones are rare, almost mythical.
But that is not true, we simply do not really have the tools to see them.
It is much more common than people think”.
In simple terms—an iPhone may be considered one of the most secure smartphones on the market, but if it is not updated, it does not matter.
So if you have not yet updated your operating system—now is the time.
And if you are still storing information on your phone that you do not want to become public, then you have already done everything necessary for it to one day become public.
The reason is new cybersecurity research indicating that Russian intelligence, Chinese cybercriminals, and malicious hackers are using advanced tools to take control of devices running older versions of the iOS operating system.
These tools, called DarkSword and Coruna, are no longer isolated vulnerabilities but full exploit kits.
They were described this month by Google and cybersecurity firms iVerify and Lookout as tools that provide hackers with deep remote access to iPhones, including the ability to access all of their contents.
At iVerify, the extent of access these tools can gain was detailed.
“DarkSword is a surveillance and intelligence-gathering tool that extracts data on a large scale, including Wi-Fi passwords, text messages, call history, full location data, browsing history, SIM details, and cellular data.
In addition, it has the ability to extract data from health apps, notes, and calendars,” according to the company’s blog.
Apple, on the other hand, emphasized that these tools are effective only against devices running older versions of the operating system.
“Keeping software up to date is the most important thing users can do to maintain the security of their Apple devices,” said company spokesperson Sarah O’Rourke in an official statement.
According to security experts interviewed by the media, the findings are concerning.
Despite Apple’s reputation as a company that produces relatively secure devices, it appears that older versions of iOS are particularly vulnerable, and this gap is exactly what attackers exploit.
According to researchers, several groups have already been targeted using these tools, including Ukrainian civilians targeted by Russian intelligence; crypto users in China; and citizens in Saudi Arabia, Turkey, and Malaysia.
Researchers emphasize that these tools can easily be used against any user with an outdated operating system.
Apple also noted that iOS 26, launched last September, already includes the necessary protections against these hacking tools.
Last week, the company even took an unusual step and released a dedicated update for older devices that cannot upgrade to the new version, in order to block these attacks.
Instead of chasing the victim, the hacker waits for them.
According to cybersecurity experts, DarkSword and Coruna infect devices by means of a watering hole attack—a method in which the attacker does not directly pursue the victim, but waits for them on a website they already tend to visit.
Attackers identify a website popular among their target audience, breach it or create a fake version of it, and embed malicious code within it.
From the moment the user enters the site, the code exploits a vulnerability in the device, such as an outdated iPhone, and can infect it automatically without any download or suspicious click.
This is precisely why the attack is particularly dangerous—the user makes no mistake, but simply arrives at the wrong place.
However, it should be noted that hacking an iPhone is still considered a significant technical challenge.
These two tools rely on a complex chain of vulnerabilities working together to take control of the device, with their uniqueness lying in the ability to package this chain into ready-to-use kits for hackers.
According to Rocky Cole, Chief Operating Officer of iVerify, who spoke to NBC: “There is a sense that attacks on iPhones are rare, almost mythical.
But that is not true, we simply do not really have the tools to see them.
It is much more common than people think”.
In simple terms—an iPhone may be considered one of the most secure smartphones on the market, but if it is not updated, it does not matter.
So if you have not yet updated your operating system—now is the time.
And if you are still storing information on your phone that you do not want to become public, then you have already done everything necessary for it to one day become public.
