The DarkSword exploit has resurfaced as a serious cybersecurity threat after its code was leaked on GitHub, putting more than 200 million iPhones running older versions of iOS at risk and prompting Apple to urge users to update their devices immediately.
Originally disclosed last week, DarkSword raised alarm for its ability to silently install malware on iPhones running iOS versions from 18.4 to 18.7. At first, use of the exploit was believed to be confined to sophisticated threat actors and intelligence-linked groups targeting corporate and government systems.
However, a report by TechCrunch revealed that the exploit toolkit has now been published on GitHub and “can be deployed instantly.” The individual responsible for the leak appears to have obtained the exploit code from a real-world attack.
According to comments accompanying the post, this is an updated version of DarkSword, capable of “reading and extracting forensic-value files from iOS devices via HTTP.” This means attackers could siphon sensitive data from iPhones or iPads and transmit it over the internet to servers under their control.
The leak presents a double-edged scenario. While cybercriminals can now easily access and deploy the tool for malicious purposes, security vendors and Apple also gain visibility into the exploit’s mechanics, enabling them to strengthen defensive measures.
Apple has confirmed that devices running iOS versions from 15 to 26 remain unaffected. Users operating on iOS 13, 14, or versions between 18.4 and 18.7 are strongly advised to update immediately. According to Apple’s support page, “If your iPhone software is up to date, you are protected.” Devices running iOS 18.7.6 or later are not impacted.
The company also highlighted that the iPhone 17 lineup features Memory Integrity Enforcement, a security layer that continuously protects memory from exploitation attempts.
For users who believe they may be targeted, Apple recommends enabling Lockdown Mode, available since iOS 16, to enhance device protection.
Although iOS does not support antivirus applications in the same way as Android, users can connect their iPhones to a Mac and use security software such as Intego to scan for potential threats.
Security experts note that exploits targeting iPhones are often highly complex, typically chaining together multiple vulnerabilities, as seen with DarkSword. Given the volume of valuable personal and financial data stored on mobile devices, similar threats are likely to emerge again.
Based on data from StatCounter and Apptunix, an estimated 220 million iPhones, around 14% of the global iOS user base, may be affected by this vulnerability.
Du Lam