[[{“value”:”
The Google Threat Intelligence Group has posted a report about malware that uses six different security vulnerabilities to attack an iPhone. According to the report, a toolkit called DarkSword has been used to create three malware families called Ghostblade, Ghostknife, and Ghostsaber, and iPhones running iOS 18.4 to 18.7 are vulnerable.
All of the security holes used by the DarkSword malware have been fixed as of iOS 26.3 (the current version is iOS 26.3.1); most of them were fixed before 26.3. The latest version of iOS is 18.7.6, released on March 4. GTIG notes that the threat actors using DarkSword targeted users in Malaysia, Saudi Arabia, Turkey, and Ukraine.
DarkSword creates malware that uses JavaScript, and the attacker doesn’t need access to your device. Rather, a threat agent embeds the code within a website. When the user visits the website, the JavaScript executes and installs malware on the iPhone that can gather the user’s personal data, record audio, or check GS data for the current location. The information is then uploaded to a remote server.
The exploits used by DarkSword were recorded in the Common Vulnerabilities and Exposures database as the following:
- CVE-2025-14174: Fixed in iOS 18.7.3 and 26.2
- CVE-2025-31277: Fixed in iOS 18.6
- CVE-2025-43510: Fixed in iOS 18.7.2 and 26.1
- CVE-2025-43520: Fixed in iOS 18.7.2 and 26.1
- CVE-2025-43529: Fixed in iOS 18.7.3 and 26.2
- CVE-2026-20700: Fixed in iOS 26.3
iPhone viruses and malware are rare, but no device is completely invulnerable. Apple urges users to update to the most recent version of iOS that a device can support to ensure that the latest security patches are installed. Learn more about iPhone malware and viruses. We also have tips on how to protect your phone from hackers.
“}]]
This Post Has 0 Comments