Your iPhone could be hacked just by visiting a website if you’re still running iOS 18
Security researchers from Google, iVerify, and Lookout have uncovered DarkSword, a highly sophisticated exploit that can hack an iPhone simply by visiting a compromised website — no downloads, taps, or suspicious links required. The vulnerability affects iOS 18, which nearly a quarter of iPhone users are still running, leaving hundreds of millions exposed. DarkSword can steal passwords, photos, messages across major apps, browser history, health data, and even crypto wallet credentials. The exploit hijacks system processes and vanishes after a reboot, making it extremely hard to detect. Apple has patched the flaw in iOS 26.3.1, so users must update immediately. Researchers warn that powerful hacking tools once reserved for state‑level surveillance are now widely accessible, meaning everyday users are increasingly at risk.