Ios

A vulnerability in Firefox for iOS versions prior to 151.1 allows an attacker to bypass the security policy (CVE-2026-9078).

The Q1 2026 mobile threat landscape saw a decrease in overall attack volume driven by reduced adware and RiskTool detections, while the number of unique users targeted remained stable, with new SparkCat variants on app stores and increased banking Trojan and Triada backdoor activity.

Sticky Notes Widget 3.0.6 is vulnerable to a denial-of-service attack (CVE-2021-47973), where an attacker can crash the application on iOS devices by pasting excessively long character strings into note fields.

memono Notepad 4.2 is vulnerable to a denial-of-service attack, allowing attackers to crash the application by pasting excessively long character buffers (specifically, two pastes of 350,000 repeated characters) into note fields on iOS devices, as tracked by CVE-2021-47944.

A new exploit dubbed 'DarkSword' is being actively exploited in infostealer campaigns targeting iPhones, potentially leading to unauthorized data access and device compromise.

The DarkSword exploit chain targets iOS versions 18 and under by exploiting a WebKit vulnerability, and is being adopted by multiple threat actors for initial access and execution.

The DarkSword exploit kit targets iOS devices, leveraging unknown vulnerabilities to compromise devices.

The ToTok iOS application, developed by Breej Holding Ltd., was identified as a spying tool used by the government of the United Arab Emirates (UAE) to track users' conversations, movements, and relationships by collecting sensitive user data and transmitting it to servers using self-signed certificates.