A severe iPhone exploit is now public, and anyone can use it

Source: Android Authority

TL;DR

• DarkSword, a serious iPhone exploit kit, just leaked on GitHub.
• Devices running iOS 18.7.3 or earlier — or legacy versions 15.8.7 or 16.7.15 — are vulnerable.
• Contacts, messages, call history, and the iOS keychain (Wi‑Fi passwords and secrets) can be fully exfiltrated.

Overview

A severe iPhone exploit kit called DarkSword has been released publicly on GitHub. Security researchers warn that anyone can use it without specialized iOS knowledge. The exploit chains together weaknesses in WebKit and the iOS sandbox, turning a previously complex spyware tool into a “click‑and‑run” attack.

Discovery and Disclosure

• Google’s Threat Intelligence Group, together with iVerify and Lookout, first reported DarkSword and a related tool named Coruna.
• Matthias Frielingsdorf, co‑founder of iVerify, told TechCrunch: “This is bad. They are way too easy to repurpose.”
• The leaked files are simple HTML and JavaScript that can be hosted on a server in minutes and work immediately on vulnerable devices.

Affected Devices

• iOS 18.7.3 or earlier (including the range iOS 18.4 – 18.7).
• Legacy devices stuck on iOS 15.8.7 or iOS 16.7.15.

Apple estimates that roughly a quarter of all active iPhones and iPads—hundreds of millions of devices—still run these vulnerable versions.

Attack Vector

Visiting a malicious site in Safari can trigger the exploit, allowing attackers to:

• Bypass security layers in the sandbox.
• Exfiltrate contacts, messages, call logs, and the iOS keychain (Wi‑Fi passwords, authentication tokens, etc.).
• Use built‑in instructions in the leaked code to capture and upload the victim’s data.

Mitigation and Recommendations

1. Update Immediately

   • Devices that support iOS 16 (or later) should be updated to iOS 16.3 or newer.
   • Older devices that cannot run iOS 16 must install the final security patches Apple released specifically to block DarkSword.

2. Enable Lockdown Mode (for high‑risk users such as journalists, activists, or executives)

   • Apple’s Lockdown Mode blocks this class of attack and provides additional protection while the device is being updated.

3. Check iOS Version

   • Verify your iPhone or iPad’s iOS version in Settings → General → About.
   • If you are on iOS 18.7.3, 15.8.7, or 16.7.15, apply the latest available update without delay.

References

• TechCrunch article on the leak
• Apple support page on Lockdown Mode
• Android Authority guide to iOS compatibility
• Safari security considerations