Apple issues warning to millions of iPhone users over sophisticated attack stealing data: Act NOW

Apple has released an emergency iOS update, urging millions of iPhone users to download it now. 

The company expanded the availability of its iOS 18.7.7 and iPadOS 18.7.7 updates to a much wider range of devices, warning that the software contains critical protections against a cyberattack method known as DarkSword.

Apple said this allows more users with automatic updates enabled to receive protection from what it described as web-based attacks.

The DarkSword exploit kit, first identified in 2025, is designed to target vulnerable Apple devices and secretly install malicious software.

Security researchers said the attack is triggered when a user visits a legitimate website that has been secretly infected with malicious code, a tactic known as a ‘watering hole attack.’

Once activated, the malware can install hidden backdoors that allow hackers to maintain long-term access to a device and steal sensitive information.

Experts warned that a newer version of the hacking tool has now leaked online, raising fears that additional cybercriminal groups could begin using it in broader attacks.

Users who believe they may be targets of such attacks, particularly journalists, activists or those handling sensitive information, are advised to enable Apple’s Lockdown Mode by going to Settings, selecting Privacy & Security, tapping Lockdown Mode and following the prompts to turn it on and restart their device. 

Cybersecurity firms, including Google’s Threat Intelligence Group and Lookout, previously revealed that the DarkSword toolkit has been used in attacks targeting users in Saudi Arabia, Turkey, Malaysia, and Ukraine since July 2025.

The team found that it takes advantage of several hidden weaknesses in iPhones and the Safari browser. 

This allows attackers to secretly install malware on a device, another reminder of why keeping your phone updated is crucial.

In some cases, attackers created fake websites or apps to trick people, such as a lookalike version of Snapchat, while in others they hacked legitimate websites, including a government site.

Once a phone is infected, hackers can install different types of spyware depending on their goal.

One version, called ‘Ghostblade,’ is designed to steal huge amounts of personal information.

This includes text messages, call history, contacts, photos, emails, passwords, location data, browsing history and even files stored in iCloud.

It can also access messages from apps like WhatsApp and Telegram.

The malware looks for cryptocurrency apps and wallets, meaning it can potentially steal digital assets or sensitive financial data.

Apple initially released the iOS 18.7.7 update on March 24, 2026, but at the time, it was limited to a small number of older devices.

The tech giant has now expanded the update to cover a much wider range of iPhones and iPads, including devices capable of upgrading to newer operating systems but still running older versions.

In a statement shared with WIRED, an Apple spokesperson said the company made the unusual move to expand the update to protect users who have not yet upgraded to the latest software.

Users without automatic updates enabled can manually install the patch by updating their device to the latest secure version of iOS 18 or upgrading to iOS 26.

Cybersecurity researchers say the threat highlights growing concerns that sophisticated spyware targeting iPhones is becoming more common.

‘DarkSword silently steals vast amounts of user data simply because the user visited a real, but compromised, website,’ said Rocky Cole, co-founder of cybersecurity firm iVerify.

Apple has also begun sending lock screen warnings to some users running outdated software, urging them to install updates immediately.

Experts warned that failing to install the patch could leave devices vulnerable to data theft and long-term surveillance.