Overview
- A publicly shared build of the DarkSword exploit on GitHub has made powerful iPhone hacking tools broadly accessible, with researchers saying the files are simple enough for low-skill attackers to run.
- Apple says it has already fixed the bugs DarkSword uses and urges users to update to iOS 26.3.1 or later to prevent the attack from working.
- The framework targets iPhones running iOS 18.4 to 18.7 by using JavaScript on compromised websites to chain WebKit and iOS flaws and then install spyware.
- Once installed, the spyware can pull messages, contacts, location, browsing data, and live audio and send that information to remote servers.
- CISA has added the exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, which requires federal agencies to patch. Researchers warn that many devices still on iOS 18 face elevated risk despite strong defenses like Lockdown Mode.
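
For teams triaging a fleet against the version numbers above, the following is an added example (not code from Apple, CISA, or the researchers) that sorts a device inventory into the targeted 18.4 to 18.7 range, below 26.3.1, or at or above 26.3.1. The CSV column names and sample rows are constructed, and treating patch releases such as 18.7.1 as inside the targeted range is a conservative assumption.

```python
import csv
import io

TARGET_LOW, TARGET_HIGH = (18, 4), (18, 7)  # range the overview says DarkSword targets
FIXED = (26, 3, 1)                           # version Apple urges users to reach

# Constructed sample inventory (hypothetical MDM export; column names are assumptions).
SAMPLE_INVENTORY = """device_id,os_version
iphone-001,18.5
iphone-002,18.7.1
iphone-003,26.3.1
iphone-004,26.2
iphone-005,17.6.1
iphone-006,unknown
"""

def parse_version(text):
    """Return a tuple of ints, or None if the string is not a dotted version."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Map an iOS version string to a triage bucket."""
    v = parse_version(version_text)
    if v is None:
        return "UNKNOWN"  # unparseable entries need manual follow-up
    padded = (v + (0, 0))[:3]  # "18.5" -> (18, 5, 0)
    # Assumption: any patch release of 18.4 through 18.7 counts as targeted.
    if TARGET_LOW <= padded[:2] <= TARGET_HIGH:
        return "IN_TARGETED_RANGE"
    if padded < FIXED:
        return "BELOW_FIXED_VERSION"
    return "AT_OR_ABOVE_FIXED_VERSION"

def triage(csv_text):
    """Return {device_id: bucket} for every row in the inventory."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["device_id"]: classify(r["os_version"]) for r in rows}

if __name__ == "__main__":
    for dev, status in triage(SAMPLE_INVENTORY).items():
        print(f"{dev}\t{status}")
```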