Apple Issues Urgent Advisory for iPhone Users Following Discovery of Cyber Exploits
Last Updated: 20 March 2026, 09:49 AM IST
Apple has issued a critical alert urging iPhone users to update their devices following the disclosure of two sophisticated exploit kits, designated DarkSword and Coruna, used by alleged Russian intelligence operatives and Chinese cybercriminals. These kits are known to target iPhones running outdated software versions.
The findings, unveiled this week by Google’s Threat Intelligence Group in collaboration with mobile security firms Lookout and iVerify, underscore the alarming tactics employed by a group suspected of having ties to the Russian government.
This group, tracked under the codename UNC6353, has used these toolkits primarily against Ukrainian targets through “watering hole” attacks delivered via compromised websites.
DarkSword exploits vulnerabilities in iPhones running iOS versions 18.4 through 18.7 and steals passwords, photographs, cryptocurrency wallet credentials, and messages from platforms such as WhatsApp and Telegram. The toolkit then erases its traces, allowing it to vanish undetected.
iVerify estimates that as many as 270 million iPhone users may be exposed to these exploits. Lookout told CyberScoop that approximately 15% of all iOS devices in operation are currently vulnerable to these threats.
Moreover, Google identified instances of DarkSword being employed against targets in nations such as Saudi Arabia, Turkey, and Malaysia.
The emergence of these exploits follows earlier disclosures about the Coruna toolkit, a comprehensive 23-component hacking suite first detected in early March. Notably, this toolkit was originally developed by US defense contractor L3Harris before being repurposed by Russian and Chinese operatives.
Rocky Cole, co-founder of iVerify, stated, “All signs point to the Russian government.” Meanwhile, Lookout’s researcher Justin Albrecht characterized UNC6353 as a “well-funded and connected threat actor” engaged in attacks driven by both financial motivations and intelligence objectives aligned with Russian interests.
Researchers also disclosed that extensive use of a large language model to customize both toolkits has effectively lowered the barrier to deploying advanced mobile exploits.
DarkSword’s server-side components contained AI-generated code with comprehensive comments, a lapse in operational security for a group linked to state actors, as noted by Albrecht.
Google informed Apple of these vulnerabilities in late 2025. All of the flaws were fixed by the release of iOS version 26.3 in February, although several had been addressed in earlier updates.

Apple acknowledged awareness of reports indicating that this vulnerability might have been weaponized in a highly sophisticated attack targeting specific individuals using versions of iOS prior to 26.
Security experts strongly recommend updating immediately and restarting devices regularly to clear memory-resident malware. For individuals considered high-value targets, Apple’s Lockdown Mode is the most robust defense currently available against spyware threats.
Source link: English.mathrubhumi.com.






