Leaked Spyware Exposes Hundreds of Millions of Older Apple Devices to Cyberattacks

2026-03-23

Cupertino, Tuesday, 24 March 2026.
A highly accessible hacking tool leaked online threatens over 600 million outdated Apple devices. This critical vulnerability requires immediate software updates to prevent corporate espionage and severe data breaches.

A Threat to Hundreds of Millions

The exposure represents a massive security headache for Apple Inc. (AAPL). According to the technology giant, approximately one-quarter of all active iPhone and iPad users are currently running iOS 18 or earlier versions of its operating systems [1][3][4]. With an estimated 2.5 billion active Apple devices globally, this translates to roughly 625 million devices potentially vulnerable to the DarkSword framework [1][4]. Security experts note that the exploit chain facilitates a multi-stage attack that begins with initial code execution through the Safari web browser’s WebKit engine, eventually allowing hackers to bypass the browser sandbox and gain deep, kernel-level system access [5][6].

CISA Mandates Urgent Federal Action

Recognizing the severity of the threat, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has intervened. On Friday, March 20, 2026, CISA added three specific flaws abused by DarkSword—CVE-2025-31277, CVE-2025-43510, and CVE-2025-43520—to its Known Exploited Vulnerabilities (KEV) catalog [2][6]. These vulnerabilities include classic buffer overflow and improper locking issues that affect a wide range of Apple operating systems, including iOS, macOS, and visionOS [6]. Under Binding Operational Directive (BOD) 22-01, federal civilian executive branch agencies are required to apply Apple’s mitigations by the upcoming deadline of April 3, 2026 [2][6]. CISA has explicitly warned that these vulnerabilities pose significant risks to both the federal enterprise and private sector organizations [2].

Securing the Apple Ecosystem

For corporate IT departments and everyday consumers, the directive is clear: update immediately. Apple released an emergency software update on March 11, 2026, specifically designed for devices that cannot run the most recent iterations of iOS, which is currently advancing toward iOS 26 [1][3][4]. Apple spokesperson Sarah O’Rourke emphasized that keeping software up to date remains the most critical step in maintaining device security [1][3][4]. Furthermore, cybersecurity researchers have confirmed that devices utilizing Apple’s highly restrictive “Lockdown Mode” alongside updated software successfully block DarkSword attacks [4]. Matthias Frielingsdorf, co-founder of the mobile security startup iVerify, warned that the exploit’s ease of use means it can no longer be contained, urging organizations to prepare for widespread criminal deployment [1][3][4].

Sources

