Overview
- Researchers say a DarkSword build published on GitHub now makes iPhone drive‑by exploits easy to run with simple HTML and JavaScript, and GitHub says it will keep the code available for security research.
- Apple says devices on the latest software are protected, and experts recommend updating to iOS 26.3.1 or at least iOS 18.7.6 with Lockdown Mode enabled to block these attack chains.
- Google, iVerify and Lookout report that DarkSword targets iOS 18.4–18.7, while the separate Coruna kit compromises iOS 13 through 17.2.1 using multi‑step browser and kernel flaws that can steal messages, browsing data, location and crypto wallet info.
- Kaspersky links Coruna’s kernel exploit code to the 2023 Operation Triangulation campaign, indicating a maintained framework that has moved from high‑end espionage to broader criminal use.
- CISA added DarkSword‑related vulnerabilities to its must‑patch list for federal agencies as warnings grow that a large population of unpatched iPhones could face wider watering‑hole campaigns.