A dangerous iOS exploit is currently attracting attention after the associated code was made public. Dubbed DarkSword, this attack tool specifically targets security vulnerabilities in certain iOS versions. Although Apple has already patched the vulnerabilities, the situation remains critical because many devices have not yet been updated.
The release of exploit code is not a new phenomenon, but in this case, the implications are particularly significant. Previously, another tool called Coruna, possibly developed by a US government agency, was circulating. Now, DarkSword is another exploit that no longer exists in secret but is publicly available on GitHub.
This significantly changes the initial situation. Tools that were originally accessible only to a few players can now be used by a wider audience. Particularly in connection with iOS, this creates a concrete risk for devices that are not up to date.
What is the DarkSword exploit?
DarkSword is an exploit primarily targeting iOS versions between 18.4 and 18.7. However, older versions of iOS are also vulnerable to the exploited flaws.
The attack begins via Safari or the WebKit engine. Code is executed on the device through these entry points. The exploit then uses several vulnerabilities to bypass iOS's sandbox protection mechanisms.
After successful exploitation, an attacker can completely compromise an iPhone or iPad. This means comprehensive access to system functions and stored data.
Publishing on GitHub increases the risk
The crucial point in this case is public availability. The DarkSword code has been uploaded to GitHub and is therefore freely accessible.
According to a TechCrunch report, the version published there is relatively easy to use. This means that no in-depth knowledge of iOS is required to use the exploit.
Matthias Frielingsdorf, co-founder of the security company iVerify, describes the situation as serious. In his estimation, the exploits work immediately and without any special prior knowledge. At the same time, he assumes that criminals and other actors will begin to actively exploit these possibilities.
A Google spokesperson shares this assessment. The combination of ease of use and public availability significantly increases the likelihood of actual attacks.
What data can be accessed
The version published on GitHub contains not only the exploit itself, but also developer notes. These describe in detail how the attack works and what features it includes.
DarkSword is described as a tool that can read and exfiltrate forensically relevant files from iOS devices via HTTP.
Another section of the code deals with the activities following successful exploitation. It documents the entire process by which data is collected and transmitted. The data affected includes, among other things:
- contacts
- Call history
- News
- Contents of the iOS keychain
This information is transferred to an external server. Access to the keyring is particularly critical, as it contains sensitive login credentials.
Which iOS versions are affected?
The exploit primarily targets iOS 18.4 through iOS 18.7, but also works on older versions. This means a wide range of devices are potentially vulnerable.
Apple has since closed the security vulnerabilities and released corresponding updates. The following versions are considered secure:
- iOS 26.3
- iOS 18.7.3
- iOS 16.7.15
- iOS 15.8.7
Devices that have these or newer versions installed are protected against the DarkSword exploit.
Apple's response and recommended actions
An Apple spokesperson confirmed that software updates have been released to close the security gaps. At the same time, they emphasized that updating the system is the most important measure to ensure the security of Apple devices.
It was also pointed out that the so-called lockdown mode also offers protection against DarkSword. This function is specifically designed to restrict targeted attacks.
Why the danger still exists
Despite available updates, a key problem remains: not all devices have been updated. This is precisely where the current risk arises.
Because the exploit is publicly accessible and relatively easy to use, devices with older iOS versions are particularly at risk.
The combination of an existing vulnerability, freely available code, and ease of use creates a situation in which attacks become significantly more likely.
iOS security depends on the current system state
The DarkSword exploit shows how quickly a closed security vulnerability can develop into a real threat again as soon as the corresponding code becomes public.
For iOS, this means specifically: Protection depends significantly on the installed system version. Devices without current updates remain vulnerable, even if the vulnerabilities have officially been patched.
This situation underscores the importance of regular software updates. In a world where exploits are readily available and easy to use, an outdated system quickly becomes a security risk. (Image: Shutterstock / Cherdchai101)
- Smartphone storage grows in 2026 despite high prices
- Instagram abandons encryption: A risky step
- iPhone Air impresses: More successful than the Plus model
- Apple teases AI improvements for WWDC 2026
- Apple announces: WWDC 2026 will take place from June 8th to 12th.
- Apple: John Ternus in focus as possible CEO
- Apple celebrates 50 years: Big celebration planned at Apple Park
- Terafab: Elon Musk plans the world's largest chip factory
- Apple raises prices for external storage media
- Apple planned to acquire Halide but failed
- Elon Musk: Jurors see fraud in Twitter deal
- WhatsApp is planning automatic translation for iPhone
- Apple's Siri: New features could launch soon
- Old Blackberry deals are catching up with Apple in court
- OpenAI develops desktop super app for macOS
- Apple achieves record launch with affordable MacBook Neo
- Apple earned $900 million from AI Apps in 2025
- Apple grows strongly in 2026 despite a weak China market
- Google is working on a Gemini app for macOS users
- Apple Health is getting smarter with AI through Perplexity Health
- Apple extends its 50th anniversary celebration to more countries
