New 21-Day iOS Security Alert Issued by CISA

It has been confirmed that a version of the DarkSword iOS spyware exploit kit, which could affect hundreds of millions of iPhones, has now been published. If you’re using an old version of iOS and haven’t updated your iPhone to the latest secure version for your device, you can be left vulnerable to any attacker, even the most unscrupulous, who wants to use the tools that are now readily available to them. A silent compromise attack is launched simply by visiting a malicious web page using the Safari browser. That’s why the Cybersecurity and Infrastructure Security Agency, which describes itself as the Cyber Security Agency, has said that some agencies of the Federal Civilian Executive Branch must update against the zero-day vulnerabilities used in the attacks within 21 days. Here is the thing, however: CISA has also “strongly recommended” that all organizations update as soon as possible. Here’s what you need to know and do.


Update iOS Now—DarkSword Spyware Attacks Have Started

Hot on the heels of the FBI issuing a security warning for encrypted messaging users, and less than a week after Apple confirmed that it had released the first “Background Security Improvement” update for iOS 26 users due to a spyware vulnerability affecting the WebKit technology that powers Safari and other iPhone browsers, comes the news that DarkSword is now in the public domain. Here’s the thing: this is a new version of the DarkSword kit, following the security updates, and it’s really dangerous for a number of reasons. Not only is it available for any threat actor to grab and use, but putting it to use is now within easy reach of almost anyone. That is because the kit is actually HTML and JavaScript that will work out of the box, without needing any great knowledge of iOS technology, simply by copying and pasting it onto a host server.

Originally revealed by researchers from Google’s Threat Intelligence Group, along with the iVerify and Lookout teams, the full iOS exploit has since been seen being used by “a number of commercial and suspected government-sponsored surveillance vendors,” according to Google.

The good news is that, alongside the latest security updates taking iOS 26 to version 26.3.1(a), patches have been released as follows:

  • CVE-2025-14174 was patched in iOS 18.7.3 and 26.2
  • CVE-2025-31277 was patched in iOS 18.6
  • CVE-2025-43510 was patched in iOS 18.7.2 and 26.1
  • CVE-2025-43520 was patched in iOS 18.7.2 and 26.1
  • CVE-2025-43529 was patched in iOS 18.7.3 and 26.2
  • CVE-2026-20700 was patched in iOS 26.3

The CISA update alert, an addition to the Known Exploited Vulnerabilities (KEV) catalog, addresses only three of these:

  • CVE-2025-31277 Apple Multiple Products Buffer Overflow Vulnerability
  • CVE-2025-43510 Apple Multiple Products Improper Locking Vulnerability
  • CVE-2025-43520 Apple Multiple Products Classic Buffer Overflow Vulnerability

“These types of vulnerabilities are frequent attack vectors for cyber risk actors and pose significant risks to government business,” CISA said, adding that it “encourages all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their risk management process.” So, while you may not have a legal obligation to complete the remediation within 21 days, your organization, if it takes security seriously, should feel obligated to act as soon as possible. “For organizations,” Adam Boynton, senior director of business strategy at Jamf, said, “it is important to ensure that this iOS update is delivered immediately as any postponement will leave devices and operations at risk.”
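For anyone triaging a device fleet against the two lists above, the following added example (not from the original article, Apple or CISA) reports which of the listed CVEs each device still lacks a fix for. It assumes a device counts as patched when it runs the listed fixed version or later within the same major iOS branch; where the article names no fix for a branch the CVE is reported as "unlisted" and needs checking against Apple's advisories. The device names and sample versions are constructed.

```python
import re

# Fixed-in versions exactly as listed in the article, keyed by CVE.
FIXED_IN = {
    "CVE-2025-14174": ["18.7.3", "26.2"],
    "CVE-2025-31277": ["18.6"],
    "CVE-2025-43510": ["18.7.2", "26.1"],
    "CVE-2025-43520": ["18.7.2", "26.1"],
    "CVE-2025-43529": ["18.7.3", "26.2"],
    "CVE-2026-20700": ["26.3"],
}
# The three CVEs the article says the CISA alert addresses.
CISA_LISTED = {"CVE-2025-31277", "CVE-2025-43510", "CVE-2025-43520"}

def parse_version(text):
    """Turn '18.7.2' or '26.3.1(a)' into a comparable 3-tuple of ints."""
    match = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:\([a-z]\))?", text.strip())
    if not match:
        raise ValueError(f"unrecognised iOS version: {text!r}")
    return tuple(int(part or 0) for part in match.groups())

def cve_status(device_version, cve):
    """Return 'patched', 'unpatched' or 'unlisted' for one CVE."""
    device = parse_version(device_version)
    for fixed in map(parse_version, FIXED_IN[cve]):
        if fixed[0] == device[0]:  # compare within the same major branch only
            return "patched" if device >= fixed else "unpatched"
    return "unlisted"  # the article names no fix for this major branch

def triage(inventory):
    """Map device name -> unpatched CVEs, unlisted CVEs, and a CISA flag."""
    report = {}
    for name, version in inventory.items():
        status = {cve: cve_status(version, cve) for cve in FIXED_IN}
        unpatched = sorted(c for c, s in status.items() if s == "unpatched")
        unlisted = sorted(c for c, s in status.items() if s == "unlisted")
        report[name] = {"unpatched": unpatched, "unlisted": unlisted,
                        "cisa": any(c in CISA_LISTED for c in unpatched)}
    return report

# Constructed sample inventory (device names and versions are made up).
SAMPLE = {"exec-01": "18.7.1", "field-07": "26.1",
          "lab-03": "26.3.1(a)", "kiosk-02": "18.5"}

if __name__ == "__main__":
    for device, result in triage(SAMPLE).items():
        print(device, result)
```

Devices flagged with `cisa` set are missing a fix for at least one of the three CVEs named in the CISA alert.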

