Apple urged iPhone users worldwide to issue an iPhone security update to their devices after cybersecurity researchers at Google, alongside firms iVerify and Lookout, uncovered sophisticated hacking campaigns by Russian intelligence, Chinese cybercriminals, and other actors exploiting older iOS versions.
The attacks, using tools dubbed DarkSword and Coruna, allow remote access to personal data through compromised websites, raising fresh concerns over mobile security and the growing accessibility of advanced cyber weapons.
The findings highlight how attackers are leveraging so-called exploit kits to infiltrate devices via “watering hole” attacks malicious websites designed to silently infect visitors. While Apple maintains that its latest operating system, iOS 26, mitigates these threats, the company has also issued targeted updates for older devices, reinforcing the urgency of patching vulnerabilities.
A Growing and Invisible Threat Landscape
On Wednesday, iVerify warned that, “DarkSword appears to be a surveillance and intelligence gathering tool, blanket pulling data including Wi-Fi passwords, text messages, call history, root location history, browser history, SIM card and cellular data as well as health, notes and calendar databases.”
The iPhone security update campaigns reveal a troubling geopolitical dimension. Researchers found that Russian-linked hackers targeted Ukrainian users, while Chinese cybercriminals deployed similar tools through fake financial websites aimed at stealing cryptocurrency. “The barrier to entry for widespread, devastating mobile attacks has been decisively lowered,” said John Scott-Railton of Citizen Lab. “It’s clear this problem is only going to grow.”
He added, “The scary takeaway for regular users is they can’t spot this attack.”
The Coruna tool itself has a controversial origin regarding the iPhone security update. Developed within defense contractor L3Harris, it was later sold illicitly, eventually circulating among state-linked actors and cybercriminal networks.
Meanwhile, DarkSword’s origins remain unclear, though researchers say its use has spread across multiple regions, including Saudi Arabia, Turkey, and Malaysia.
Fraud, Theft, And the Apple Ecosystem
The cybersecurity revelations come as Apple faces broader challenges tied to its ecosystem, from fraud schemes to physical theft. In the US, authorities recently sentenced a participant in a $16.2 million counterfeit iPhone and iPad return scheme that defrauded the company across multiple retail locations.
At the same time, a string of theft cases from stolen devices in California Apple Stores to incidents tracked using products like AirTags and AirPods illustrates how Apple devices remain at both high-value targets and effective tracking tools.
Law enforcement has increasingly relied on Apple’s location ecosystem to recover stolen goods, from luggage in Nashville to electronics in Washington state.
Security experts say these parallel iPhone security update developments show a central paradox: while Apple devices are often perceived as highly secure, they are not immune to evolving threats. Rocky Cole, chief operating officer at iVerify, challenged that assumption directly: “There’s been this perception in the security community that attacks against iPhones are like mythical beasts, they’re rare.”
“Nah, we just don’t really have the tools to see these. I have a feeling that it’s more pervasive than people think.”
As cyber capabilities proliferate and criminal tactics diversify, the latest iPhone security update campaigns suggest that maintaining security may depend less on brand reputation and more on user vigilance starting with a simple but critical step, keeping devices up to date.
Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Cybersecurity sections to stay informed and up-to-date with our daily articles.