(P1) A newly leaked attack program dubbed ‘DarkSword’ is targeting cryptocurrency wallet private keys on older Apple iOS versions by exploiting a vulnerability in the Safari web browser, security firm SlowMist reported.
(P2) "The exploit uses malicious JavaScript on fraudulent websites, disguised as pornographic sites or Tron energy stations, to steal plaintext private keys from crypto wallets," SlowMist said in a security alert.
(P3) The attack vector highlights ongoing security risks within browser environments, a threat underscored by Apple's own recent updates. The company's Safari 26.5 release patched numerous WebKit vulnerabilities, including CVE-2026-28962, which could allow maliciously crafted web content to disclose sensitive user information—a flaw similar in nature to the DarkSword exploit's method.
(P4) This vulnerability poses a significant financial risk for iPhone users who have not migrated to the latest iOS 26 software. While Apple has occasionally issued emergency patches for older systems to fix critical exploits like the recent 'DarkSword' and 'Coruna' attacks, its primary focus remains on iOS 26, leaving users of older software like iOS 18 increasingly exposed to threats that are not deemed severe enough to warrant a backported fix.
The DarkSword exploit emerges as both Apple and Google rush to patch dozens of security holes in their respective browsers. Apple’s Safari 26.5 update addressed at least 15 distinct CVEs (Common Vulnerabilities and Exposures) within its WebKit engine, fixing flaws that could lead to information disclosure, unexpected crashes, and the bypassing of security policies.
This industry-wide challenge was further highlighted by a recent Google Chrome update that addressed 79 security issues, 14 of which were rated as critical. The vulnerabilities in Chrome ranged from heap buffer overflows to use-after-free errors in components like UI, FileSystem, and Downloads, demonstrating the broad attack surface that modern browsers present.
Apple's software strategy has created a divergence in security coverage. Since the launch of iOS 26 in September 2025, the company has maintained a two-track system, offering limited security updates to users of the older iOS 18. However, these updates have become less frequent and are often restricted to older hardware like the iPhone XS and XR.
The release of iOS 18.7.9 alongside iOS 26.5 illustrates this gap. While iOS 26.5 contained fixes for over 60 security holes for newer devices, the update for older phones was more limited, signaling that users on eligible devices must upgrade to iOS 26 to receive comprehensive protection. The potential impact of exploits like DarkSword could trigger fear and uncertainty among iOS-based crypto users, potentially leading to asset sell-offs and placing pressure on both Apple and wallet developers to address such vulnerabilities swiftly.
This article is for informational purposes only and does not constitute investment advice.
