DarkSword iPhone exploit surfaces, puts apple device at risk

Srinagar , Mar 25: A sophisticated iPhone hacking tool known as DarkSword has resurfaced online, raising fresh concerns about the security of millions of devices running older versions of Apple’s operating system.

The exploit, first identified last week by the Google Threat Intelligence Group, is described as a “full-chain” attack capable of completely compromising targeted devices by leveraging multiple previously unknown vulnerabilities.

Security researchers say a new version of DarkSword has now been uploaded to the widely used code-sharing platform GitHub, potentially putting the tool within reach of a much broader range of malicious actors.

According to GTIG, DarkSword uses six distinct vulnerabilities along with three malware families—GHOSTBLADE, GHOSTKNIFE and GHOSTSABER—to infiltrate iPhones. The tool has already been linked to targeted campaigns in countries including Saudi Arabia, Turkey, Malaysia and Ukraine, with suspected involvement of surveillance vendors and state-backed actors.

The exploit affects devices running iOS versions between 18.4 and 18.7. While Apple has since patched these vulnerabilities in iOS 26.3, older devices—particularly models such as the iPhone X and earlier—remain exposed as they are unable to upgrade to the latest software.

Cybersecurity experts warn that the public availability of the exploit significantly escalates the threat landscape. “This is bad. They are way too easy to repurpose. We should expect criminals and others to start deploying this,” said Matthias Frielingsdorf, co-founder of mobile security firm iVerify, in a statement.

He noted that the version uploaded online closely resembles previously analysed samples, but is simplified into basic HTML and JavaScript files. This means even individuals with limited technical expertise could deploy the exploit within minutes.

Researchers estimate that hundreds of millions of iPhones and iPads could be vulnerable, particularly those that have not been updated or are no longer eligible for newer iOS versions.

Experts stress that updating to the latest available iOS version remains the most effective defense against such threats.