{"id":719050,"date":"2026-03-26T20:25:09","date_gmt":"2026-03-26T17:25:09","guid":{"rendered":"https:\/\/buradabiliyorum.com\/en\/apple-made-strides-with-ios-26-security-but-leaked-hacking-tools-still-leave-millions-exposed-to-spyware-attacks\/"},"modified":"2026-03-26T20:25:09","modified_gmt":"2026-03-26T17:25:09","slug":"apple-made-strides-with-ios-26-security-but-leaked-hacking-tools-still-leave-millions-exposed-to-spyware-attacks","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/apple-made-strides-with-ios-26-security-but-leaked-hacking-tools-still-leave-millions-exposed-to-spyware-attacks\/","title":{"rendered":"Apple made strides with iOS 26 security, but leaked hacking tools still leave millions exposed to spyware attacks"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a224a56cac58\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a224a56cac58\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/apple-made-strides-with-ios-26-security-but-leaked-hacking-tools-still-leave-millions-exposed-to-spyware-attacks\/#Contact_Us\" >Contact Us<\/a><\/li><\/ul><\/nav><\/div>\n<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">The common assumption among iPhone security experts has been that finding vulnerabilities and developing exploits for iOS was difficult, requiring a lot of time, resources, and teams of skilled researchers to break through its layers of security defenses. That meant iPhone spyware and zero-day vulnerabilities, which aren\u2019t known to the software vendor before they are exploited, were rare and only used in limited and targeted attacks, <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/support.apple.com\/en-us\/102174#:~:text=Such%20attacks%20are,by%20such%20attacks.\">as Apple itself says<\/a>.<\/p>\n<p class=\"wp-block-paragraph\">But in the last month, cybersecurity researchers at Google, iVerify, and Lookout, have documented several broad-scale hacking campaigns using tools, known as Coruna and DarkSword, which have been near-indiscriminately targeting victims around the world who are not yet running <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">App<\/a>le\u2019s most up-to-date software. Some of the hackers behind these attacks include Russian spies and Chinese cybercriminals, and target their victims via hacked websites or fake pages, allowing them to potentially steal phone data from a large number of victims.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Now, some of these tools have leaked online, allowing anyone to take the code and easily launch their own attacks against Apple users running older versions of iOS.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Apple has invested significant resources in new security and development technologies, such as introducing memory-safe code for its latest iPhone models, and launching features like Lockdown Mode specifically to counter potential spyware attacks.\u00a0The goal has been to make modern iPhones more secure, and to strengthen the claim that the iPhone is very hard to hack. <\/p>\n<p class=\"wp-block-paragraph\">But there are still a lot of older, out-of-date iPhones that are now easier targets for spyware-wielding spies and cybercriminals.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">There are now essentially two security classes of iPhone users.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Users on the latest iOS 26 running on the most recent iPhone 17 models released in 2025 have a new security feature called Memory Integrity Enforcement, which is designed to stop memory corruption bugs, some of the most commonly exploited flaws used in spyware and phone unlocking attacks. DarkSword relied heavily on memory corruption bugs, <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/darksword-ios-exploit-chain#:~:text=The%20first%20UNC6748,the%20same%20file.\">according to Google<\/a>.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Then, there are <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/developer.apple.com\/support\/app-store\/#:~:text=74%20of%20all,iOS%2026.\">iPhone users<\/a> who still run the previous version of Apple\u2019s mobile software, iOS 18, or even older versions, which have been vulnerable to memory-based hacks and other exploits in the past.\u00a0<\/p>\n<div class=\"article-block block--callout block--right has-green-500-background-color\">\n<h4 class=\"block--callout__title\"><span class=\"ez-toc-section\" id=\"Contact_Us\"><\/span>Contact Us<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>\t\t\tDo you have more information about DarkSword, Coruna, or other government hacking and spyware tools? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email. \t\t<\/p><\/div>\n<p class=\"wp-block-paragraph\">The discovery of Coruna and DarkSword suggest that memory-based attacks could continue to plague users of older iPhones and iPads that lag behind the newer, more memory-safe models.<\/p>\n<p class=\"wp-block-paragraph\">Experts working for iVerify and Lookout, two cybersecurity companies that have a commercial stake in selling security products for mobile devices, say Coruna and DarkSword may also challenge the long-held assumption that iPhone hacks are rare.<\/p>\n<p class=\"wp-block-paragraph\">iVerify\u2019s co-founder Matthias Frielingsdorf told TechCrunch that mobile attacks are now \u201cwidespread,\u201d but he also said that attacks relying on zero-days against the most up-to-date software \u201cwill always be charged at a premium rate,\u201d implying that these will not be used to hack people on a broad scale.<\/p>\n<p class=\"wp-block-paragraph\">Patrick Wardle, an Apple security expert, said one problem is that people call attacks against iPhones rare or sophisticated just because they are seldom documented. But the reality, he said, is that these attacks may be out there but are not always caught.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cCalling them \u2018highly advanced\u2019 is a bit like calling tanks or missiles advanced,\u201d Wardle told TechCrunch. \u201cIt\u2019s true, but it misses the point. That\u2019s simply the baseline capability at that level, and all (most) nations have them (or can acquire them for the right price).\u201d<\/p>\n<p class=\"wp-block-paragraph\">Another problem highlighted by Coruna and DarkSword is that there is now an apparently thriving \u201csecond-hand\u201d market, which creates the financial incentive \u201cfor exploit developers and individual brokers to essentially get paid twice for the same exploit,\u201d according to Justin Albrecht, principal researcher at Lookout.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Especially when the initial exploit gets patched, it makes sense for brokers to resell it before everyone updates.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cThis isn\u2019t a one-time event, but rather a sign of things to come,\u201d Albrecht told TechCrunch.<\/p>\n<\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMN63nwsw68G3Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" target=\"_blank\" >Technology<\/a><\/span> category.<\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/techcrunch.com\/2026\/03\/26\/apple-made-strides-with-ios-26-security-but-leaked-hacking-tools-still-leave-millions-exposed-to-spyware-attacks\/\" target=\"_blank\" >Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The common assumption among iPhone security experts has been that finding vulnerabilities and developing exploits for iOS was difficult, requiring a lot of time, resources, and teams of skilled researchers to break through its layers of security defenses. That meant iPhone spyware and zero-day vulnerabilities, which aren\u2019t known to the software vendor before they are&#8230;<\/p>\n","protected":false},"author":1,"featured_media":719051,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2026\/03\/broken-iphone-screen-zoomed-in.jpg?resize=1200,800","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[5029,4973,161387,70375,161306,26293,70944,70513,71635,161307,157677,4975,72287,151937,155987],"class_list":["post-719050","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-apple","tag-china","tag-coruna","tag-cybersecurity","tag-darksword","tag-google","tag-hackers","tag-hacking","tag-ios","tag-iverify","tag-lookout","tag-russia","tag-security","tag-spyware","tag-zero-days"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/719050","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=719050"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/719050\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/719051"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=719050"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=719050"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=719050"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}