Particle.news
Download on the App Store
8 ARTICLES
·
3h ago

Leaked DarkSword Toolkit Raises iPhone Spyware Risk for Unpatched Devices

A public GitHub post turns an elite iPhone hack into code that less skilled attackers can run.

Broken iPhones are seen as a part of replica of Formula E car made by used electronics, on the opening day of the United Nations Climate Change Conference COP28 in Dubai, United Arab Emirates on November 30, 2023. (Photo by Jakub Porzycki/NurPhoto via Getty Images)
Image
Image
Image

Overview

  • The DarkSword iPhone hacking toolkit is now posted on GitHub, making it easy to download and run, researchers say.
  • iPhones on iOS 18.4 to 18.7 are vulnerable, and Apple says iOS 26.3 and later fix the bugs as adoption lags with almost one in three devices not on iOS 26.
  • The kit booby-traps web pages with HTML and JavaScript that hit Safari, then chains iOS flaws to pull messages, browser data, audio and location from a device.
  • Google, iVerify and Lookout tied DarkSword campaigns to Ukraine and also saw targeting in Saudi Arabia, Turkey and Malaysia as use spreads beyond state groups.
  • CISA added the exploited flaws to its must‑patch list for federal agencies, and Apple points to Lockdown Mode as a defense that has blocked these chains in tests.