Recently, cybersecurity experts identified a new hacking campaign aimed at iPhone users, utilizing an advanced tool known as DarkSword. This week, a more recent version of DarkSword was made publicly available on GitHub, raising concerns among security professionals.
Experts warn that this leaked exploit kit could empower malicious actors to easily target iPhone users who are operating older versions of Apple's software, specifically those who have not yet upgraded to the latest iOS 26. According to Apple, this situation potentially affects hundreds of millions of iPhones and iPads still in use.
Matthias Frielingsdorf, co-founder of mobile security firm iVerify, expressed serious concerns about the implications of this leak, stating, "These tools are alarmingly easy to repurpose. We should anticipate that cybercriminals will begin to deploy them widely."
Frielingsdorf noted that the newly leaked files share infrastructure with previously analyzed DarkSword versions, although there are some differences. The simplicity of the code, composed mainly of HTML and JavaScript, means that anyone with basic knowledge can replicate and host it online within hours.
"The exploits are ready for immediate use, requiring no specialized knowledge of iOS," he added.
Google's spokesperson, Kimberly Samra, confirmed that their researchers align with Frielingsdorf's assessment regarding the exploit's accessibility and potential risks.
Additionally, a security enthusiast known as matteyeux reported successfully exploiting an iPad mini running the vulnerable iOS 18 using the leaked DarkSword sample, highlighting the ease of use for those with malicious intent.
In response to these developments, Apple has acknowledged the exploit's existence and has taken steps to address the vulnerabilities in older operating systems. Sarah O'Rourke, an Apple spokesperson, emphasized the importance of keeping software updated, stating, "This is the most effective measure to secure your Apple devices." She assured that devices with the latest updates are not at risk from these attacks.
Moreover, the leaked DarkSword code includes comments that detail its functionality, such as the ability to extract sensitive files from iOS devices and transmit this data to an attacker-controlled server. The implications of such capabilities are significant, especially considering that a substantial portion of iPhone and iPad users (approximately one-quarter) are still operating on iOS 18 or earlier.
With over 2.5 billion active devices globally, this vulnerability could expose millions to potential threats. Frielingsdorf recommends that users upgrade their operating systems to safeguard against these exploits.
The emergence of DarkSword follows the discovery of another sophisticated hacking toolkit, Coruna, previously utilized by state-sponsored actors. As technology continues to evolve, so do the methods employed by cybercriminals, underscoring the necessity for robust security measures and user vigilance.
As we navigate this rapidly changing digital landscape, the importance of proactive security measures cannot be overstated. Staying informed and up-to-date is essential for safeguarding personal and sensitive information.