Update your iPhone now: Apple warns users as Google uncovers Russian-linked ‘DarkSword’ spyware threat

Apple has warned iPhone users to update their devices after a new report revealed that a latest exploit is being actively used by Russian-linked actors to take control of phones running on older versions of iOS.

A report by Google Threat Intelligence Group (GTIG), along with Lookout and iVerify, revealed on Wednesday that suspected Russian state-sponsored actors were using an exploit called DarkSword to gain full control of iPhones running on iOS versions 18.4 through 18.7.

“Since at least November 2025, GTIG has observed multiple commercial surveillance vendors and suspected state-sponsored actors utilizing DarkSword in distinct campaigns. These threat actors have deployed the exploit chain against targets in Saudi Arabia, Turkey, Malaysia, and Ukraine,” Google said in a blog post.

Meanwhile, iVerify in a release said, “DarkSword appears to be a surveillance and intelligence-gathering tool, blanket pulling data including Wi-Fi passwords, text messages, call history, root location history, browser history, SIM card and cellular data as well as health, notes and calendar databases.”

Lookout notes in a blog post that while exfiltration of messages and iCloud content is expected as part of this kind of attack, DarkSword also targets cryptocurrency wallets, which gives this vulnerability a financial motive.

Apple responds to hacking threats:

In a statement to NBC News, Apple spokesperson Sarah O’Rourke reacted to the development, stating that the tools can only work against devices that are running older versions of the company's operating system. O’Rourke also emphasised the importance of applying regular updates to the iPhone.

“Keeping software up to date remains the single most important thing users can do to maintain the high security of their Apple devices,” O’Rourke said.

Notably, the report also notes that Apple had fixe

d all the known vulnerabilities with the iOS 26.3 update. The Cupertino-based tech giant had also made a significant move by releasing a special update for iPhones that cannot run the latest iOS versions to provide critical vulnerability fixes for the exploits.

Earlier this week, Apple also released its first-ever Background Security Improvements (BSIs) update which allows the company to provide critical security patches in between major update cycles.

The first major BSI update release for iPhones and MacBooks fixed a high-severity risk in WebKit, the engine powering Safari and other iOS web apps. The company said that the issue was due to a cross-origin issue in the Navigation API and could allow maliciously crafted web content to bypass the Same Origin Policy.

Apple also added that the issue was successfully fixed with improved input validation.