
Someone leaks DarkSword exploit kit on GitHub
Key Takeaways
- New DarkSword version leaked on GitHub, making it publicly accessible.
- Leak could compromise millions of iPhones with outdated iOS within minutes.
- Researchers warn the leak enables easy misuse by any hacker targeting older iOS.
Exploit Leak Overview
A sophisticated iPhone hacking tool called DarkSword has been leaked on GitHub.
“The exploit, revealed last week by Google’s Threat Intelligence Group, is now publicly available on GitHub, increasing the urgency for older iPhones and iPads to run the latest available iOS and iPadOS versions”
This significantly increases cybersecurity risks for millions of Apple device users.

The exploit chains multiple iOS and iPadOS vulnerabilities to compromise devices.
It was originally discovered by Google's Threat Intelligence Group, iVerify, and Lookout security researchers.
These exploits target outdated iPhones and iPads that cannot run the latest iOS 26 software.
Attackers can steal user data or gain full control of compromised devices.
The discovery came alongside another exploit called Coruna.
Both rely on WebKit and other vulnerabilities that Apple has since patched.
The leak represents a serious escalation in the threat landscape for mobile device security.
Technical Architecture
The technical architecture of DarkSword represents a sophisticated multi-stage attack vector.
It exploits several interconnected vulnerabilities in Apple's operating systems.

Both DarkSword and Coruna specifically target WebKit components and other system weaknesses.
Apple addressed these vulnerabilities in iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7 security patches.
These vulnerabilities work in concert to create a chain of exploitation.
They bypass Apple's security protections through coordinated attacks.
The leaked code is simple, consisting of just HTML and JavaScript files.
This makes the exploit particularly dangerous for actors with minimal technical expertise.
The developers noted that 'This payload must be injected into a process with access to the filesystem.'
GitHub Leak Impact
The leak of DarkSword on GitHub has transformed a sophisticated tool into widely accessible weaponry.
“Last week, cybersecurity researchers uncovered a hacking campaign targeting iPhone users that used an advanced hacking tool called DarkSword”
It has lowered barriers to entry for cybercriminals and less sophisticated attackers.
Security researchers emphasize the leaked code is designed to be easily repurposed.
Matthias Frielingsdorf, co-founder of iVerify, said of the leak: 'This is bad.'
He warned that 'They are way too easy to repurpose.'
Frielingsdorf also stated 'I don't think this can be contained any longer.'
He said to expect criminals to start deploying this exploit.
The GitHub publication allows anyone with basic skills to copy the files.
They can then be hosted on a server within minutes to hours.
This democratizes access to previously specialized hacking capabilities.
Vulnerability Scale
The scale of potential victimization is enormous according to Apple's data.
Approximately 25% of all iPhone and iPad users remain vulnerable to DarkSword attacks.

This translates to hundreds of millions of active devices running iOS 18 or earlier versions.
These devices cannot receive the latest security updates.
A cybersecurity hobbyist known as matteyeux successfully hacked an iPad mini running iOS 18.
He used a 'sample in the wild' circulating online.
This proves the practicality of the leaked exploit.
Google's researchers concur with Frielingsdorf's assessment about increased risk.
This creates a massive attack surface for malicious actors.
It could lead to unprecedented levels of device compromise and data theft.
Apple's Response
Apple has responded urgently to the escalating security threat.
“A publicly posted DarkSword package could let low skilled attackers compromise outdated iPhones within minutes”
The company issued security updates for older devices that cannot run iOS 26.

Apple spokesperson Sara O'Rourk confirmed awareness of the exploit.
She emphasized that 'Ongoing software updates are the single most important thing you can do to secure your Apple products.'
O'Rourk clarified that devices with updated software are not at risk from these attacks.
Lockdown Mode provides additional protection by blocking these exploits.
Apple published a support document stressing update importance.
This applies even to devices running older operating systems.
The company acknowledges the unique challenges posed by the DarkSword leak.
This reflects Apple's concern about legacy device users' security.
User Recommendations
Security experts strongly advise updating iPhone and iPad devices immediately.
This helps mitigate risks posed by the DarkSword exploit.
Matthias Frielingsdorf urges everyone to update their iPhone operating system.
He states that mobile device security requires more attention and regular updates.
The combination of software updates and Lockdown Mode provides comprehensive defense.
Users running older iOS versions should check for available patches immediately.
This applies even to devices that cannot run the latest operating system.
The cybersecurity community emphasizes this as a critical reminder.
It highlights the importance of maintaining vigilance and current security software.
This is especially important as specialized attack tools become widely accessible.