Apple has confirmed a critical zero-day vulnerability, tracked as CVE-2026-XXXXX and publicly dubbed 'DarkSword,' is being actively exploited in the wild. The flaw affects iPhones running iOS versions prior to the latest security update.
The vulnerability allows for arbitrary code execution, potentially enabling attackers to install malware on a victim's device by tricking them into visiting a malicious website. Security researchers warn that the exploit's public disclosure increases the risk of widespread attacks.
Apple has released iOS 26.1.1 and iPadOS 26.1.1 with a patch for this vulnerability. Users are urged to update their devices immediately by navigating to Settings > General > Software Update. The company stated it is aware of reports that this issue may have been actively exploited.
This marks the first zero-day vulnerability patched by Apple in 2026. The 'DarkSword' moniker was coined by security analysts following the exploit's appearance in online forums.
