Time to update your iPhone

TL;DR: A newly discovered iOS hacking technique can steal personal data from hundreds of millions of iPhones if users visit the wrong website. It’s one of two major iOS exploits to surface in weeks—and both may have been obtained through a growing exploit market where ready-made hacking tools are bought, deployed, and discarded like burner phones. (It’s also a reminder to update your devices.)

What happened: Right now, up to roughly 270 million devices still running certain versions of iOS 18 are one wrong website away from having everything on them stolen. Tap a news link on your commute, scroll an article in bed, open a URL from a group chat—if the site’s infected, the hack silently hijacks your device to grab passwords, photos, chat logs, browser history, and Apple Health data in minutes.

This hacking technique, called DarkSword, was discovered jointly by Google and cybersecurity firms iVerify and Lookout. It’s not spyware, which installs itself on your device and monitors you over time; DarkSword never installs anything. It uses your phone’s existing processes, grabs what it can, and disappears on reboot, leaving almost no trace.

According to Wired, this malicious code was found “embedded in components of otherwise legitimate Ukrainian websites, including online news outlets and a government agency site,” but it’s not clear how it got there. Google also found victims of it in Saudi Arabia, Turkey, and Malaysia. The silver lining: It only works on iOS. Visit the same page on a Mac, an Android, a Chromebook, or your Kindle, and nothing happens.

Everything’s for sale: Researchers told Wired it’s unlikely Russian hackers actually created DarkSword. The researchers suspect they bought it from an exploit broker—a middleman that buys and sells hacking tools. Another iOS exploit called Coruna surfaced just two weeks earlier; it appears to have been built by a US defense contractor (where a former employee was recently convicted of selling hacking tools to a Russian broker). The existence of such exploit brokers means that it’s no big deal if one tool gets exposed—hackers can just buy another. They’ve also made wide-scale iOS hacks easier overall—previously, attackers tended to pick specific high-profile targets rather than target people en masse.

Hacking tools aren’t the only personal-data product booming, either. Data brokers like LexisNexis and Thomson Reuters collect your location and personal details from apps and public records, then sell them to government agencies like ICE and CBP—no warrant required. Just this week, the FBI admitted to buying people’s location data from third-party brokers again.

Bottom line: Update your iOS devices—Apple has already pushed emergency patches, including for older devices that can’t run iOS 26. You can also enable Lockdown Mode, a more extreme security measure which restricts many device features to block cybersecurity attacks. (The FBI reportedly couldn’t crack a Washington Post reporter’s iPhone earlier this year because she had it turned on.) Older iOS versions carry known, unpatched vulnerabilities that attackers specifically target—and apparently the black market selling such exploits is booming. —WK