Urgent iPhone security update

DarkSword targets iOS 18.4 through 18.7 and chains six separate vulnerabilities — including three zero‑days — into a full‑device takeover framework, according to Google’s Threat Intelligence Group and independent reporting. (cloud.google.com) (bleepingcomputer.com) Coruna is a JavaScript‑delivered exploit kit that bundles 23 distinct exploits arranged across five exploitation chains and was observed attacking iPhones running iOS 13.0 through 17.2.1. (pcmag.com) Researchers say DarkSword deploys three final‑stage malware families — GHOSTBLADE, GHOSTKNIFE and GHOSTSABER — with GHOSTBLADE configured to exfiltrate iMessage, Telegram, WhatsApp, email, calls, contacts, photos, location data and cryptocurrency wallet contents. (cloud.google.com) (bleepingcomputer.com) Observed operators and buyers include suspected clusters UNC6748 and UNC6353 plus commercial surveillance vendors such as PARS Defense, with campaigns tied to incidents in Saudi Arabia, Turkey, Malaysia and Ukraine dating back to at least November 2025. (cloud.google.com) (pcmag.com) Apple issued security updates for legacy releases — notably iOS 15.8.7 and iOS 16.7.15 — to close Coruna‑linked flaws, and Google’s report says GTIG notified Apple in late 2025 and the fixes were incorporated into later iOS builds including iOS 26.3. (securityweek.com) (cloud.google.com) Security analysts published DarkSword’s tracked CVEs — CVE‑2025‑31277, CVE‑2025‑43529, CVE‑2026‑20700, CVE‑2025‑14174, CVE‑2025‑43510 and CVE‑2025‑43520 — while noting Coruna relied in part on non‑public exploits that still lack some CVE assignments. (bleepingcomputer.com) (pcmag.com) For devices that cannot be upgraded immediately, Google and partnering firms added DarkSword delivery domains to Safe Browsing lists and recommended enabling Apple’s Lockdown Mode as an interim mitigation. (cloud.google.com)