Millions of iPhones at Risk After DarkSword Exploit Leak – Ankor Tech

A sophisticated hacking toolkit known as DarkSword has been publicly leaked on GitHub, putting millions of iPhone and iPad users at immediate risk. The exploit, which was previously used in targeted campaigns, is now accessible to virtually anyone, allowing attackers to compromise devices running older versions of Apple’s operating system with minimal technical effort.

The Danger of “Out-of-the-Box” Exploits

Security researchers warn that the leaked files—consisting primarily of straightforward HTML and JavaScript—require no advanced expertise to deploy. Matthias Frielingsdorf, co-founder of mobile security firm iVerify, emphasized the severity of the situation: “I don’t think that can be contained anymore. We need to expect criminals and others to start deploying this.”

According to experts, the exploit works immediately upon deployment. Security hobbyist “matteyeux” confirmed this by successfully hacking an iPad mini running iOS 18 using the publicly available sample. Google’s threat intelligence team, which has previously analyzed the DarkSword exploit chain, concurs with the assessment that the barrier to entry for malicious actors has effectively vanished.

What Information Is at Risk?

Technical analysis of the leaked code reveals a dangerous capability for data exfiltration. The exploit is designed to access and steal sensitive information from a device, sending it directly to a server controlled by the attacker. Specifically, the malware targets:

  • Contacts and personal messages
  • Call history logs
  • iOS keychain data (including stored Wi-Fi passwords and credentials)

The code even contains references to uploading this stolen data to remote servers, with some samples linked to infrastructure previously associated with state-sponsored activity.

Apple’s Response and Protection Measures

Apple has acknowledged the threat, confirming that it is aware of exploits targeting outdated operating systems. An emergency security update was issued on March 11 for devices that cannot run the latest versions of iOS.

“Keeping your software up to date is the single most important thing you can do to maintain the security of your Apple products,” an Apple spokesperson stated. The company further noted that devices running the latest software, or those with Lockdown Mode enabled, are not susceptible to these specific attacks.

The Scale of the Vulnerability

The threat is significant due to the sheer number of devices still running legacy software. Industry data suggests that approximately one-quarter of all active iPhones and iPads—amounting to hundreds of millions of units—are currently running iOS 18 or older.

This incident follows the recent discovery of Coruna, another high-level hacking toolkit linked to defense contractor L3Harris. As these powerful tools transition from government-grade spyware to publicly available exploits, the urgency for users to update their devices has reached an all-time high. Security professionals strongly advise all users to verify their current iOS version and apply the latest security patches immediately to mitigate the risk posed by the DarkSword leak.