HLD Pulse · iOS only

Emergency press release: DarkSword (iPhone / iOS)

HLD is issuing this public briefing so everyday iPhone users—not only security teams—can understand DarkSword in plain language: what it is, why it matters at home and at work, and what to do today. HLD ORD has already triaged this incident in parallel with public reporting. This threat is specific to Apple iOS; Android and desktop PCs are not affected by this same exploit chain.

Official HLD press statement

Independent researchers and Google Threat Intelligence have documented a sophisticated iOS exploit chain referred to as DarkSword. It has been used in real campaigns by multiple actors, which means the risk is not theoretical—it is an operational capability in the wild.

HLD ORD (Offensive Research Division) has investigated this incident end-to-end, correlating open-source intelligence with controlled work in closed laboratory environments. That validation confirms the real-world impact: vulnerable iOS builds remain exposed to browser-mediated compromise, and post-exploitation behaviour aligns with the data-access and persistence patterns described in public reporting. HLD is treating this as an active, high-priority risk—not a paper exercise—and we are briefing clients and the public with the same urgency we apply internally.

HLD’s guidance is straightforward: treat unpatched iPhones on affected iOS versions as exposed to drive-by compromise via the web stack. Patching closes the underlying flaws; awareness reduces risky browsing on unmanaged devices until updates are applied.

Organisations should push managed devices to the latest supported iOS build, communicate clearly to staff and contractors who use personal iPhones for work mail or MFA, and align incident response playbooks for suspected mobile compromise.
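For fleet owners, the first practical step is to find which managed iPhones sit on the iOS branches the briefing names as affected (18.4 through 18.7, per the GTIG reporting cited below). The following Python is an added example, not HLD or Apple tooling: it reads a constructed MDM-style inventory export (the column names `device`, `os`, `version` are assumptions, not any real MDM schema), parses version strings numerically rather than comparing them as text, and groups devices by status. It treats "18.4 through 18.7" as the major.minor branches 18.4, 18.5, 18.6 and 18.7 at any patch level; that reading is an assumption. "Outside range" means only "not in the publicly reported range", not "safe", since this page does not state which build closes the flaws.

```python
"""Triage an MDM inventory export for iPhones on an iOS branch listed as
affected by DarkSword (iOS 18.4 through 18.7, per the GTIG reporting quoted in
this briefing). Added example for illustration, not HLD or Apple tooling.
"""
import csv
import io
import re

# Affected range taken from the briefing. Assumption: "18.4 through 18.7" covers
# the major.minor branches 18.4, 18.5, 18.6 and 18.7 inclusive, any patch level.
AFFECTED_MIN = (18, 4)
AFFECTED_MAX = (18, 7)

# Accepts "18.7", "18.6.2", with surrounding whitespace; anything else is unknown.
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?\s*$")


def parse_ios_version(text):
    """'18.6.2' -> (18, 6, 2); '18.7' -> (18, 7, 0); None if unparseable.

    Tuples of ints compare numerically, so a hypothetical 18.10 would sort after
    18.7; naive string comparison would get that wrong.
    """
    m = VERSION_RE.match(text or "")
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def classify(version_text):
    """Return 'affected', 'outside_range' or 'unknown' for one device.

    'outside_range' is not a safety verdict: the briefing does not name the
    fixed build, so it only means the version is not in the reported range.
    """
    v = parse_ios_version(version_text)
    if v is None:
        return "unknown"
    branch = v[:2]  # compare on major.minor only
    if AFFECTED_MIN <= branch <= AFFECTED_MAX:
        return "affected"
    return "outside_range"


def triage(csv_text):
    """Group device names from a CSV export (columns: device,os,version) by status.

    Non-iOS rows are skipped: this exploit chain is specific to iOS.
    """
    groups = {"affected": [], "outside_range": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("os") or "").strip().lower() != "ios":
            continue
        groups[classify(row.get("version"))].append(row["device"].strip())
    return groups


# Constructed sample inventory; device names, column names and versions are
# made up for this example and are not real fleet data.
SAMPLE_INVENTORY = """device,os,version
alice-iphone,iOS,18.4.1
bob-iphone,iOS,18.7
carol-iphone,iOS,18.3.2
dave-iphone,iOS,26.0.1
erin-iphone,iOS,
frank-pixel,Android,15
"""

if __name__ == "__main__":
    result = triage(SAMPLE_INVENTORY)
    for status, devices in result.items():
        print(f"{status:14s} {', '.join(devices) or '-'}")
```

Devices that land in `unknown` (blank or malformed version fields) deserve the same follow-up as `affected` ones until the MDM agent reports a version; an inventory gap is not evidence of a patched device.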

What DarkSword is (simple version)

  • DarkSword is a full-chain iOS exploit kit: multiple vulnerabilities are chained together so that simply visiting a malicious or compromised webpage in Safari can start a compromise—no extra taps or app installs required for the initial stage.
  • Google Threat Intelligence Group (GTIG) reports it affects iOS 18.4 through 18.7 and uses six distinct vulnerabilities; the same chain has been seen in the wild since at least November 2025.
  • Several different threat actors have used it—including commercial surveillance vendors and suspected state-sponsored groups—with campaigns observed in Saudi Arabia, Turkey, Malaysia, and Ukraine.
  • After a successful chain, attackers may deploy spyware-class payloads (tracked as families such as GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER) capable of stealing messages, photos, location history, accounts, and more.

How this affects everyday life

  • This is not something you fix by “being careful with passwords” alone: the entry point is the web browser on a vulnerable iOS version.
  • If your iPhone is on an affected iOS branch and not fully patched, normal activities—opening a link from chat, email, or social media—can expose the device to drive-by exploitation; no further interaction is needed once the page loads.
  • Victims may notice nothing at first; data can be copied quietly in the background, which is why prevention (patching) matters more than waiting for symptoms.
  • High-risk people (journalists, activists, lawyers, executives, and others in sensitive roles) should treat this as a prompt to update immediately and consider enabling Apple’s Lockdown Mode, which reduces the browser and messaging attack surface at the cost of some features; follow your security staff’s guidance where you have it.

What you should do right now

  • On your iPhone: open Settings → General → Software Update and install the latest iOS version Apple offers for your device.
  • After the update completes and the phone restarts, confirm the installed version under Settings → General → About, and check that Software Update no longer offers a newer build.
  • If you cannot update yet (managed device awaiting approval, legacy hardware): enable Lockdown Mode under Settings → Privacy & Security → Lockdown Mode, after reading Apple’s explanation of what it changes. Lockdown Mode is a mitigation, not a fix; update as soon as you can.
  • Avoid sideloading configuration profiles or “security” apps from unknown sources; they do not replace vendor patches and can widen the attack surface.
  • If you believe you were targeted: from a different, trusted device, change passwords and sign out of sessions for the accounts used on the phone, seek professional incident help, and preserve the device for forensic analysis (do not wipe or reset it) until an analyst has examined it.

Need a mobile security briefing for your organisation?

HLD Pulse can map public threat intelligence to your device fleet, patch posture, and user comms.