Malicious Spyware Attack Threatens Hundreds of Millions of Phones

Technology|20/3/2026

  • The "DarkSword" spyware targets iPhones
  • Millions of devices remain vulnerable to data theft

Cybersecurity experts have warned of a dangerous vulnerability in iPhones that could allow hackers to compromise hundreds of millions of devices when users simply click on malicious links.

The flaw has been planted on dozens of websites in recent weeks, putting users’ sensitive data and personal information at risk.

Security firms say the vulnerability, dubbed "DarkSword," represents a new wave of sophisticated malware capable of stealing data—including digital wallet information.

This marks the second discovery of powerful spyware targeting iPhones and other Apple devices this month. On March 3, Google and iVerify reported another spyware program called "Corona," and DarkSword was later found on the same servers.

Justin Albrecht, a researcher at Lookout, said, "There is now a confirmed chain of recent vulnerabilities that have fallen into the hands of actors with potential financial motives."

Apple has released updates to patch the underlying vulnerabilities, but many users fail to install updates regularly, leaving an estimated 220–270 million iPhones still exposed.

An Apple spokesperson emphasized that the vulnerabilities affected "older software" and that the company had already patched them in previous updates, stressing the importance of keeping devices updated for security.

All malicious domains detected by Google have been blocked by Apple’s Safe Browsing service in Safari to prevent exploitation.

Rocky Cole, co-founder of iVerify, noted that the discovery of DarkSword and Corona highlights an active and growing spyware ecosystem that was previously limited to government intelligence operations.

He added that the vulnerabilities were discovered due to obvious security mistakes, uncommon in state-linked attacks, suggesting that the developers of these tools place little importance on concealing or protecting them.