A newly detailed iPhone attack tool called DarkSword is raising fresh concerns for people still running older Apple software. According to a joint report cited by Cult of Mac and highlighted by IT Home, security firms Google, iVerify, and Lookout say the tool can silently compromise vulnerable iPhones through a web-based chain with no obvious warning to the user.
What makes the threat stand out is its reported zero-click attack behavior. In practical terms, researchers say a victim may only need to load a compromised webpage in a browser for the device to be taken over in the background. There may be no pop-up, no suspicious install prompt, and no clear sign that the phone has already been breached.
The report argues that this matters at scale because Apple says roughly a quarter of active iPhones worldwide are still on older software rather than the latest generation. That leaves a very large number of devices in the potential blast radius if attackers start using the exploit chain more broadly.
Security researchers quoted in the coverage describe DarkSword as a fileless tool rather than a traditional spyware install. Instead of dropping a visible app or obvious malware package onto the phone, it reportedly hijacks legitimate system processes and extracts data quickly. Even if a reboot can remove the active infection, the damage may already be done if the target data was copied out during those first minutes.
Lookout says the potential data exposure is extensive. The report claims attackers may be able to access passwords, photos, browsing history, and chat logs from services such as iMessage, WhatsApp, and Telegram. It also says the campaign could reach more sensitive personal material, including Apple Health information and credentials tied to cryptocurrency wallets.
Researchers also warn that capabilities once associated mainly with highly targeted surveillance are becoming easier for criminal actors to deploy more widely. One analyst cited in the report says black-market exploit channels are helping advanced iPhone attack methods move beyond journalists or specific high-value targets and into broader, less selective campaigns.
Apple says the safest move is simple: update to the newest supported software as soon as possible. The reporting says DarkSword is not currently effective against iOS 26, and Apple has also issued emergency protections for some older hardware that cannot move forward to the latest major release.
For users who may face elevated risk, security experts also recommend enabling Lockdown Mode on iPhone. It is a more restrictive configuration, but it can reduce exposure to sophisticated exploit chains. For everyone else, this story is a useful reminder that putting off updates is no longer just an inconvenience issue. On a modern phone, delayed patching can quickly become a serious privacy and data-loss problem.
