· 44 comments · Save ·
Questions & Help Mar 18, 2026 at 2:06 PM

Researchers uncover iPhone spyware capable of penetrating millions of devices

Posted by WilliamInBlack

https://www.reuters.com/technology/researchers-uncover-iphone-spyware-capable-penetrating-millions-devices-2026-03-18/
🚩 Report this post

44 Comments

Sign in to comment — or just click the box below.
🔒 Your email is never shown publicly.
Pho_Rheels Mar 18, 2026 +199
Interestingly iOS 26.3.1 (a) was released this morning stating it is a Background Security Improvement.
199
brnccnt7 Mar 18, 2026 +59
I suppose it’s good that they’re on top of it at least
59
733t_sec Mar 19, 2026 +22
It's super common that researchers have agreements with big tech companies that they will delay announcing their findings until after a public security patch is released.
22
rnilf Mar 18, 2026 +86
> Researchers said they discovered the vulnerabilities ​because of ⁠sloppy security mistakes not common in state-linked iPhone hacking. > “The fact that they don’t care if it gets burned, and that they’re using them in mass attacks with poor (operational security), that says a lot about how ⁠much they ​value these tools,” Cole said. “They’re not overly precious about them ​being exposed." What's the implication of them not being "overly precious about them being exposed"? Did they want this to get discovered? Is it a trap? Regardless, keep all of your devices up-to-date people. Apple may be bad at a lot of things, but one of the things they're really good at is providing security updates for their devices for a long time, far longer than most Android phones. Take advantage of that.
86
Dangerous-Rice44 Mar 18, 2026 +46
The implication is that they have (or expect to have) a lot more exploits to work with, so they don’t care if this one is discovered and patched.
46
Derigiberble Mar 18, 2026 +19
Another possibility is that a state-level group has/had a leak and the beneficiaries of that leak know the leak will get caught and are more concerned with locking in a quick return than keeping the exploit alive.  Similar to how exploited AWS credentials tend to get used to mine crypto. 
19
slavetothesound Mar 18, 2026 -2
Or that they have fewer resources/knowledge/skills to be more discreet
-2
2_Spicy_2_Impeach Mar 18, 2026 +6
The same conclusion when some monster 0day exploits were discovered attributed to a US government based group. The security researchers were shocked that exploits this clean/reliable were used in a campaign like they were. They looked like hand me downs from a more sophisticated group which meant they have access to so many, it doesn’t matter if this one gets patched.
6
Ok-Lingonberry-9619 Mar 19, 2026 +1
ok, can they also fix the backdoor they’ve programmed in for governments to do whatever they want? or am I mistaken and that’s not at all relevant.
1
Cactus_Bot Mar 20, 2026 +1
Says they are good at security but doesnt understand the implimications of burning attack vectors lol
1
gibgod Mar 18, 2026 +29
*According to iVerify and Lookout, researchers discovered the malware being delivered to ​iPhone users running iOS versions 18.4 to 18.6.2 who visited one of dozens of Ukrainian websites. Apple released those versions between March and August 2025.* *It's ​not clear how many iPhones are vulnerable to Darksword attacks, the researchers said. Apple has released multiple fixes for the underlying bugs.* So it’s on an old iOS that the overwhelming vast majority of iPhone users won’t be on. So not panic stations and not particularly topical ‘news’.
29
bubba-yo Mar 19, 2026 +3
Yep. And I don't think these exploits are even possible on any M5 or A19/A19 Pro devices due to [new security efforts in Apple Silicon](https://www.privacyguides.org/posts/2025/09/20/memory-integrity-enforcement-changes-the-game-on-ios/), which are specifically designed to thwart state-level and similar attackers.
3
ibanez5sdgr Mar 18, 2026 +34
I’m really starting to miss the analog world.
34
Stereo_Jungle_Child Mar 18, 2026 -8
Newsflash: All of your consumer electronic devices are dripping with spyware and surveillance apps and tech, and microphones and cameras and GPS trackers that know everything you're doing as well as where and when you're doing it. Also, ALL of your personal information has been sold or stolen or stolen then sold or sold then stolen a dozen times over by now by people all over the world. There is NOTHING private about your life AT ALL anymore. The only place they can't go (yet) is inside your head, so bask in your thoughtcrimes while you can. :)
-8
GiveMeOneGoodReason Mar 18, 2026 +125
Privacy is not dead. This reductionist doomerism isn't helpful because it just promotes an incorrect "it's too late, nothing matters" mentality. The reality is bad actors can't just magically conjure up all your info "because it's already out there/ available." They still need these sorts of hacks to get the info they want.
125
ianspy1 Mar 18, 2026 +16
Yeah, just giving up seems like the worst way to go about it. You can still at least try to do what you can. With thigns like GrapheneOS being easy to install. Or using the browser instead of apps, having a close look at app permissions, blocking internet access to smart home devices etc. Nothing will be 100% secure of course. And you don't need to take it to extremes.  But a lot of it just takes a bit of research and relearning. And there are great resources and communities out there that are happy to help! 
16
Stereo_Jungle_Child Mar 18, 2026 -9
Nowhere in my post did I tell anyone to "just give up because nothing matters". Rage. Rage against the dying of the light if you want to. Privacy isn't "dead", it's been surrendered. People gave it away. People trade their personal data for a free app that "does something". People can't shut up about themselves on social media, begging people to listen to them tell everyone about every minute detail of their lives, all while carrying around tracking devices that know their location at all times and are running digital assistants like Siri or Alexa that are literally listening to every word you say. Then they take the collected data about you and sell it, or it gets stolen in hack. Soon, we'll have universal age and identity verification online. There are a LOT of powerful people that are pushing really HARD for that right now, and they'll get it too, because it'll be sold to the public as a "safety" issue. "Think of the children!" and all that. How's that going to impact your "privacy" when your real identity is uploaded to every website and app you use because it's in your phone/computer at the operating system level? The only question here is who do you consider to be the "bad actors"?
-9
re_carn Mar 18, 2026 +21
Will there be any proof of that, or is it just “trust me, dude!”?
21
RighteousRocker Mar 18, 2026 -1
This is true, there has never been any documented cases of companies selling your valuable advertising data. There are no verifiable claims that this data is being collated and analysed by large tech firms. You should trust 3rd parties with your personal information, they will make sure it is used to improve your user experience.
-1
Stereo_Jungle_Child Mar 18, 2026 -6
Trust me, don't trust me. I don't care. I have nothing to gain or lose by you either believing me or not. It makes absolutely no difference. lol Most people have been involved in a dozen or more data breaches/hacks by now. Your bank, your medical records, stores you shop at, your school info, government agencies, etc. have all been hacked multiple times. There's no one left who hasn't been hacked. That's why you have so many passwords and authentication c*** to go through all the time. Government and industry whistleblowers have already spilled the beans about how much data is being collected about all of us all the time, and when AI comes online it's going to pump that into overdrive. The scary part is that you probably never will actually see any proof, and why would you? What exactly do they need to prove to you and why would they do it? If the FBI or some other government agency has a file on you, are they going to call you up and tell you about it? Probably not. If hackers stole your SSN, are they going to email you and tell you that they stole it? I don't think so.
-6
re_carn Mar 18, 2026 -1
Blah, blah, blah - if you don't feel the need to back up what you say, then it should be treated as nothing but empty chatter. Don't forget to pull that foil hat down tight over your ears.
-1
CharlieOnTheMTA Mar 18, 2026 +3
Personally, my medical data, including SS number, address, etc., has been breached four times on four different data aggregation services. These services handle payments, data storage, etc., for large medical facilities/companies. You've probably never heard of them, until you get the letter announcing that you'd better lock up your credit reports and check you statements often. No blah blah blah. It happens *all the time*. I've spent my life in IT (now retired, so yes, I started with an abacus) and I can tell you that there is ALWAYS a way to get the info. And it is out there for sale. That being said, there are always things you can do to make sure that the info has no value. Lock up your credit reports. Check you statements often. Try not to use cloud services. (good luck with that one!) Change your passwords often. Use 2FA. Or stay offline and unplugged. That works best.
3
re_carn Mar 18, 2026 -5
And once again, some anecdotal examples to prove that personal data doesn't exist. Delulu is strong in you. >I've spent my life in IT (now retired, so yes, I started with an abacus) and I can tell you that there is ALWAYS a way to get the info.  Of course there are. For example, for an employee of that company who has access. For an outsider, it’s much more difficult, even if the company doesn’t handle data security at all.
-5
CharlieOnTheMTA Mar 18, 2026 +2
Excuse me, but anecdotal examples aren't quite the same as real life experiences. But I'll defer to your obviously superior intelligence in these matters.
2
re_carn Mar 18, 2026 -1
Of course, but it’s also relevant only to you. And using your personal experience to prove general statements is, at the very least, poor form. If this is news to you, give it some thought.
-1
OneWholeSoul Mar 18, 2026 +3
...He didn't say anything ridiculous, much less incorrect, even.
3
re_carn Mar 18, 2026 -2
Actually, he did. Actually, his entire comment is nothing more than a conspiracy theory.
-2
Stereo_Jungle_Child Mar 18, 2026 +6
Yeah.....it's all made up. There's nothing to worry about. Everything is just.....fine. All these articles confirming the facts about this surveillance stuff are all lies. And the government and industry whistleblowers who have been coming forward for decades to confirm how much data is being collected on us all, those people are all liars and fakes too. Just keep telling Siri and your AI chatbot EVERYTHING. I'm sure no one else is listening. Good luck, kid. :)
6
FinalFantasyZed Mar 18, 2026 -3
Trust me bro
-3
Koraboros Mar 18, 2026
It is true if you use lots of free apps like Gmail. remember the adage, if it's free, you are the product. You can certainly make yourself more privacy oriented by removing free apps, turning off location/microphone/etc for apps that don't need it. Switch to a paid email provider. There is still agency to maintain your privacy but it's up to the user to be conscious about it.
0
re_carn Mar 18, 2026 +2
You see, the comment I'm replying to actually says that doing this is pointless.
2
Koraboros Mar 18, 2026 +1
That comment is false. The user was saying that the general public doesn’t care about privacy anywhere so under that assumption everything is out in the open but the assumption isn’t true.
1
Igotdaruns Mar 18, 2026 +6
Except that they can influence your thoughts with a high degree of accuracy.
6
Stereo_Jungle_Child Mar 18, 2026
"The Force has a strong influence on the weak-minded" -- Obi-wan Kenobi
0
CompilationsRule Mar 18, 2026 +3
Im fantasizing about eating a whole box of Krispy Kreme donuts. Half glazed, and half chocolate frosted. Take me to jail 🤤
3
GirlNumber20 Mar 18, 2026 +1
I like you.
1
CompilationsRule Mar 18, 2026 +1
That’s nice 😊
1
ThrustersOnFull Mar 18, 2026 +1
Gluttony is merely a mortal sin, not an actual crime, so your ultimate rewards may vary!
1
l3rN Mar 18, 2026
No they just go straight after your bank account on those. $16 for the half and half box where I'm at now. *That* should be criminal.
0
CompilationsRule Mar 18, 2026 +1
Worth every penny. If I had a son or daughter or nonbinary, I would borrow against their college savings to buy more 🤤
1
My_2Cents_666 Mar 18, 2026 +1
I had a dream one morning and then saw ads relating to that dream. 🤔
1
noots-to-you Mar 18, 2026 +1
This is like watching GATTACA except it’s been plastered with ads for Apple and Google.
1
ToNoMoCo Mar 18, 2026 -4
Isn't that just the iOS?
-4
GenXJoust Mar 18, 2026 -10
I had apple devices for years. We got hacked badly in 2024. I believe it started with my older iPad and it spread through our entire home network through our wifi. Everything was stolen. Even all photos back to the early 2000s, just gone. Police did nothing, apple did nothing and in fact were a joke. We had all brand new devices when we were hacked except for my iPad. Watches. Phones. Ipads. We were able to report them as stolen since they were inoperable so we got out of paying our contract. Hate my Google phone but I will never go back to apple.
-10
← Back to Board