By REBECCA RUTHERFORD
Los Alamos
For the Los Alamos Daily Post
A powerful iPhone hacking toolkit just leaked onto the internet – and if your phone isn’t up to date, your data could be at risk. We’re talking messages, location history, browser data, even crypto. Yikes!
So what happened?
Security researchers have been tracking two sophisticated iPhone hacking toolkits – called Coruna and DarkSword; tools of unknown origin, being used by cybercriminals to break into iPhones and iPads. Think of them as master keys, capable of quietly unlocking your device just by having you visit the wrong website. Sounds like a nightmare right?
This is what’s known as a watering hole attack, when hackers compromise a website that their target audience regularly visits, then use it to infect visitors with malware. Instead of going after the target directly, they poison the well and wait. No sketchy download required. No phishing link to click. Just a compromised website, and suddenly someone has full access to your phone. Still want to check out that cat video site?
That’s already unsettling. But here’s where it gets worse.
Someone leaked part of DarkSword and posted it publicly to GitHub – the internet equivalent of leaving the vault combination on a sticky note at the front door. Security researchers describe it as now being “essentially plug-and-play”. Meaning anyone who wants to launch their own iPhone attacks can download the tools and go. It’s Christmas in March for the bad guys!
Wait – can this actually affect MY phone?
Possibly, yes. DarkSword targets iPhones and iPads running iOS versions up to 18.7. Apple has confirmed that the latest versions of iOS 15 through iOS 26 are protected – but here’s the kicker: nearly one in three iPhone users still hasn’t updated to the latest software. With over 2.5 billion Apple devices in the world, that’s a lot of vulnerable phones.
At Los Alamos, we’re not exactly the crowd that ignores software updates – I like to think people here patch vulnerabilities for fun before finishing their morning coffee. But even the best of us let those little red notification bubbles pile up. This week, don’t.
What should I actually do?
The fix is genuinely simple this time:
- Update your iPhone or iPad right now. Go to Settings → General → Software Update. Security experts specifically recommend updating to iOS 18.7.6 or iOS 26.3.1.
- Not ready to update to iOS 26? Apple’s Lockdown Mode (Settings → Privacy & Security → Lockdown Mode) blocks these specific attacks. It’s worth knowing about even if you don’t turn it on today – it’s designed for people who have reason to believe they might be targeted.
- Check your older devices, too. That iPad your kid uses, the old iPhone sitting in a drawer – if it’s connected to Wi-Fi and running old software, it’s potentially vulnerable.
The bigger picture
This isn’t the first time a hacking tool has escaped into the wild. Back in 2017, an NSA exploit was said to have leaked and became the engine behind the WannaCry ransomware attack that took down hundreds of thousands of computers worldwide. Powerful tools have a way of traveling farther than anyone intended.
The good news: unlike a lot of the threats we cover in this column, the defense here is about as straightforward as it gets. Update your software. That’s it. The researchers have already done the hard part – Apple patched these vulnerabilities. We just need to actually install the patch.
Go forth and update, Los Alamos. You’ve solved harder problems than this.
Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.