DarkSword iOS Exploit Kit Leaked on GitHub: 6 Chained Zero-Days Hack iPhones Silently
Quick summary
DarkSword — 6 chained vulnerabilities including 3 zero-days — leaked on GitHub March 23. Anyone can host it in minutes. 221M iPhones on iOS 18.4-18.6.2 are vulnerable. Full breakdown.
A newer version of DarkSword, a commercial-grade iOS exploit kit that chains six vulnerabilities, three of which were zero-days when it was first deployed, was posted to GitHub on March 23, 2026. It is publicly accessible, requires no advanced knowledge to deploy, and puts an estimated 221 million iPhones at immediate risk.
A security researcher who reviewed the leaked files confirmed the toolkit "will work out of the box." The HTML and JavaScript files can be copied to a server and served in minutes. Capability that was previously limited to state-sponsored actors and commercial surveillance vendors is now within reach of any attacker with basic hosting.
What DarkSword Is and Where It Came From
DarkSword is an iOS exploit chain first documented by iVerify researchers in early 2026. Google Cloud's Threat Intelligence team subsequently confirmed multiple distinct campaigns using the full chain targeting users in Saudi Arabia, Turkey, Malaysia, and Ukraine. The tooling pattern and operational security characteristics led researchers to suspect either a commercial surveillance vendor or a state-adjacent group as the original developer.
The exploit chain was initially observed being deployed via compromised legitimate websites — a technique known as a watering hole attack. A target visits a normal website that has been silently injected with DarkSword delivery code. A single page load is sufficient to initiate the full compromise chain, with no user interaction required beyond opening the browser tab.
The Six Vulnerabilities
DarkSword chains six distinct vulnerabilities to achieve complete device takeover:
CVE-2025-31277 — Memory corruption in JavaScriptCore (WebKit's JavaScript engine). This is the initial entry point. The vulnerability is triggered through malicious JavaScript delivered via a web page. It gives the attacker code execution within the WebContent sandbox — iOS's isolation layer for browser rendering processes.
CVE-2025-43529 — Second memory corruption vulnerability in JavaScriptCore. Used in combination with CVE-2025-31277 to achieve more reliable code execution across different iOS versions and hardware configurations. Running two JavaScriptCore exploits increases the chain's success rate against hardened configurations.
CVE-2025-14174 — Memory corruption in ANGLE (Almost Native Graphics Layer Engine), the translation layer WebKit uses to run WebGL's OpenGL ES calls on Metal. Exploiting ANGLE lets the attacker pivot from the WebContent process into the GPU process, the first sandbox escape in the chain.
CVE-2026-20700 — User-mode Pointer Authentication Code (PAC) bypass in dyld, Apple's dynamic linker. PAC is one of Apple's primary exploit mitigations: it signs pointers (return addresses and function pointers) with a key held by the hardware, so an attacker who corrupts a pointer cannot forge a valid signature for it. CVE-2026-20700 sidesteps that check in dyld, giving reliable control-flow hijacking on arm64e hardware (A12 Bionic and later), where PAC is enforced. This was a zero-day at time of use.
CVE-2025-43510 — Memory management vulnerability in the iOS kernel. Used after GPU process access is established to escalate privileges toward kernel-level execution.
CVE-2025-43520 — Memory corruption in the iOS kernel. The final privilege escalation step. Combined with CVE-2025-43510, this achieves kernel-level code execution — the highest privilege level on the device.
The double sandbox escape (WebContent to the GPU process, then to mediaplaybackd, before the kernel bugs fire) is technically sophisticated. Most public iOS exploits escape one sandbox; DarkSword escapes two, which is what lets it turn a single page load into persistent, kernel-level compromise.
What DarkSword Can Do Once Installed
Full kernel-level access means complete device takeover. Documented capabilities from the iVerify and Google Cloud threat intelligence reports:
- Message interception — iMessage, WhatsApp, Signal, Telegram (read on the device after the apps have decrypted them, so end-to-end encryption does not protect against a compromised endpoint)
- Location history — real-time and historical GPS data
- Browser history — Safari, Chrome, Firefox browsing data
- Camera and microphone activation — without the standard iOS permission indicators
- Cryptocurrency wallet access — seed phrases and private keys stored in apps or iCloud Keychain
- Keychain extraction — passwords, certificates, and tokens stored in iOS Keychain
- Persistent re-infection — can survive a standard iPhone restart via MDM profile or modified system configuration
Notably, DarkSword does not jailbreak the device. The file system appears normal and the device functions normally. Standard user-visible indicators of compromise — unusual battery drain, crashes, unfamiliar apps — may not appear.
Who Is Vulnerable
Vulnerable: Devices running iOS 18.4 through iOS 18.6.2. Apple estimates approximately 14.2% of active iPhones and iPads fall in this range — approximately 221.5 million devices globally.
Not vulnerable: Devices running iOS 18.7 or later (patched all six CVEs), iOS 26 developer beta (patched), and devices with Lockdown Mode enabled (Lockdown Mode blocks the JavaScriptCore entry point by disabling JIT compilation).
The patch timeline matters because the chain only works when every link is unpatched. CVE-2025-31277, CVE-2025-43529 and CVE-2025-14174 were fixed in iOS 18.6 and 18.6.1; CVE-2025-43510 and CVE-2025-43520 in iOS 18.6.2; and CVE-2026-20700, the PAC bypass, only in iOS 18.7, released March 18. Any iOS 18.6.x build therefore still carries the unpatched PAC bypass, and iOS 18.7 is the first release with fixes for all six. Treat 18.7 as the floor rather than reasoning about which individual links a particular 18.6.x build has closed.
Why the GitHub Leak Changes the Threat Landscape
Before the leak, DarkSword required: access to a commercial surveillance vendor (which charges $500K–$2M per deployment license), state-level resources, or membership in a sophisticated threat actor group with the capability to develop the chain independently. The technical barrier to exploitation was extremely high.
After the leak: any attacker who can register a domain, rent a VPS, and copy-paste HTML files can deploy the entry-stage components. The JavaScript files are self-contained and do not require compilation. The exploit chain is modular — even attackers who cannot chain all six steps can use the initial JavaScriptCore stage to deliver simpler payloads.
This is the same threat trajectory that played out with the NSA's EternalBlue exploit after the Shadow Brokers leak in 2017. EternalBlue went from a classified NSA tool to the engine of WannaCry ransomware in weeks. DarkSword's leak follows the same pattern: elite tooling becomes mass-market threat.
What Developers and Security Teams Should Do
For individuals: Update to iOS 18.7 or later immediately. The update patches CVE-2026-20700 (the PAC bypass), which is required to complete the full chain. Enable Lockdown Mode if you are a high-risk target — journalist, executive, activist, or anyone who handles sensitive data. Lockdown Mode breaks the exploit at the JavaScriptCore entry point.
For enterprise security teams:
Audit your mobile device management (MDM) configurations. DarkSword can survive device restarts via malicious MDM profiles. Any iPhone in your fleet enrolled in an MDM should be verified against a known-good baseline configuration.
Review your mobile threat detection coverage. Most enterprise EDR products have no reliable visibility into iOS kernel-level compromise. iVerify and Jamf Protect are the primary tools with detection capability for DarkSword-class exploits; without a dedicated mobile threat detection product, assume you have no visibility.
Enforce iOS version policy immediately. Any device below iOS 18.7 should be considered compromised until proven otherwise, particularly for employees with access to production systems, source code, financial data, or customer PII.
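The two checks above, the iOS 18.7 floor and the MDM profile baseline, as a fleet triage script. This is an added example, not code from the article or from any MDM vendor: the inventory records, their field names (serial, os_version, profiles, lockdown_mode), the baseline profile identifiers and the sample devices are all constructed, so map them onto whatever your MDM export actually provides.

```python
"""Fleet triage for the DarkSword guidance above: an iOS 18.7 floor and MDM
profiles checked against a known-good baseline.

Added example, not the article's or any MDM vendor's code. Field names and the
baseline profile identifiers below are assumptions; adapt them to your export.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# iOS 18.7 is the first build the article reports as fixing all six CVEs.
PATCHED_FLOOR = (18, 7)
# Range the article states as exposed to the full chain, inclusive.
EXPOSED_LOW, EXPOSED_HIGH = (18, 4), (18, 6, 2)

# Hypothetical known-good baseline: the profile identifiers your MDM pushes.
BASELINE_PROFILES = frozenset({
    "com.example.mdm.enrollment",
    "com.example.wifi.corp",
    "com.example.vpn.corp",
})


def parse_version(text: str) -> tuple[int, ...]:
    """'18.6.2' -> (18, 6, 2). Tuples compare numerically; raw strings do not
    ('18.10' < '18.7' as strings), so never compare version strings directly."""
    return tuple(int(part) for part in text.strip().split("."))


@dataclass
class Finding:
    serial: str
    os_version: str
    below_floor: bool
    in_stated_range: bool
    unknown_profiles: list[str] = field(default_factory=list)
    lockdown_mode: bool = False

    @property
    def treat_as_compromised(self) -> bool:
        # Article guidance: below 18.7 is compromised until proven otherwise, and an
        # unexpected configuration profile is the stated persistence mechanism.
        return self.below_floor or bool(self.unknown_profiles)


def triage(inventory: list[dict]) -> list[Finding]:
    findings = []
    for rec in inventory:
        v = parse_version(rec["os_version"])
        findings.append(Finding(
            serial=rec["serial"],
            os_version=rec["os_version"],
            below_floor=v < PATCHED_FLOOR,
            in_stated_range=EXPOSED_LOW <= v <= EXPOSED_HIGH,
            unknown_profiles=sorted(set(rec.get("profiles", [])) - BASELINE_PROFILES),
            lockdown_mode=bool(rec.get("lockdown_mode", False)),
        ))
    return findings


def compromised_serials(inventory: list[dict]) -> list[str]:
    return [f.serial for f in triage(inventory) if f.treat_as_compromised]


# Constructed sample export; serials and the unknown profile ID are illustrative.
SAMPLE_INVENTORY = [
    {"serial": "DEV0001", "os_version": "18.6.2", "profiles": ["com.example.mdm.enrollment", "com.example.wifi.corp"]},
    {"serial": "DEV0002", "os_version": "18.7", "profiles": ["com.example.mdm.enrollment"]},
    {"serial": "DEV0003", "os_version": "18.7.1", "profiles": ["com.example.mdm.enrollment", "com.unknown.relay"]},
    {"serial": "DEV0004", "os_version": "18.5", "profiles": ["com.example.mdm.enrollment"], "lockdown_mode": True},
    {"serial": "DEV0005", "os_version": "26.0", "profiles": ["com.example.mdm.enrollment", "com.example.vpn.corp"]},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        flags = []
        if f.below_floor:
            flags.append("OS below 18.7")
        if f.in_stated_range:
            flags.append("in stated 18.4-18.6.2 window")
        flags += [f"profile not in baseline: {p}" for p in f.unknown_profiles]
        if f.lockdown_mode:
            flags.append("Lockdown Mode on")
        status = "TREAT AS COMPROMISED" if f.treat_as_compromised else "ok"
        print(f"{f.serial} iOS {f.os_version:<7} {status:<21} {'; '.join(flags)}")
```

Compare versions as tuples rather than strings: "18.10" sorts below "18.7" as a string, which is exactly the kind of bug that silently waves an unpatched device through. Lockdown Mode is reported only as a mitigating flag; the guidance above is to treat everything below 18.7 as compromised regardless.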
For developers building iOS apps:
The DarkSword chain targets the OS layer, not application code — there is no application-level mitigation you can implement. Your app cannot detect or prevent OS-level compromise. The attack vector is the browser, not your application.
However: if your app stores sensitive data in the iOS Keychain (API keys, OAuth tokens, encryption keys), an attacker with kernel-level access can read it. Review your key management architecture and ask whether long-lived production credentials belong on a mobile device at all. For high-value credentials, keep the credential server-side and give the device only a short-lived, scoped token, or authenticate with a hardware security key (YubiKey); either way, the long-lived secret never reaches the device.
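The server-side pattern recommended above, as an added example that is not from the article or any vendor: the upstream API key stays in the server process, and the app only ever holds a short-lived, scoped token that it exchanges for results. The token format, the ten-minute lifetime, the reports:read scope, the device identifiers and the stubbed upstream client are all assumptions made for illustration.

```python
"""Server-side credential pattern: the upstream API key never leaves the server;
the device holds only a short-lived, scoped, revocable token.

Added example, not the article's code. Token format, TTL, scope name and the
stubbed upstream client are assumptions chosen for illustration.
"""
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import secrets
import time

# Long-lived upstream credential. Lives only in the server process; contrast with
# the app's Keychain, which the article says kernel-level access can read.
UPSTREAM_API_KEY = "sk_live_example_do_not_ship_to_devices"   # constructed placeholder
TOKEN_SIGNING_KEY = secrets.token_bytes(32)                    # rotated with the server
TOKEN_TTL_SECONDS = 600                                        # ten minutes bounds the blast radius

_revoked_devices: set[str] = set()


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(device_id: str, scope: str, now: float | None = None) -> str:
    """Called after the user has authenticated to the server (passkey, SSO, ...).
    Returns an opaque token bound to one device, one scope and a short expiry."""
    now = time.time() if now is None else now
    payload = json.dumps(
        {"dev": device_id, "scope": scope, "exp": now + TOKEN_TTL_SECONDS},
        separators=(",", ":"), sort_keys=True,
    ).encode()
    tag = hmac.new(TOKEN_SIGNING_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_token(token: str, required_scope: str, now: float | None = None) -> dict | None:
    """Returns the claims if the token is authentic, unexpired, in scope and the
    device is not revoked; None otherwise. Every check runs server-side."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".", 1)
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(TOKEN_SIGNING_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):          # constant-time comparison
        return None
    claims = json.loads(payload)
    if claims["exp"] <= now or claims["scope"] != required_scope:
        return None
    if claims["dev"] in _revoked_devices:
        return None
    return claims


def revoke_device(device_id: str) -> None:
    """Incident-response hook: once a device is suspected compromised (for example
    still below iOS 18.7, or carrying an unknown profile), its tokens stop working."""
    _revoked_devices.add(device_id)


def _upstream_fetch_report(report_id: str, api_key: str) -> dict:
    # Stand-in for the real upstream call; the only place the API key is used.
    assert api_key == UPSTREAM_API_KEY
    return {"report": report_id, "status": "ok"}


def proxy_fetch_report(token: str, report_id: str, now: float | None = None) -> dict:
    """The endpoint the app calls. The app never sees UPSTREAM_API_KEY."""
    claims = verify_token(token, "reports:read", now=now)
    if claims is None:
        return {"error": "unauthorized"}
    return _upstream_fetch_report(report_id, UPSTREAM_API_KEY)


if __name__ == "__main__":
    t = issue_token("DEV0001", "reports:read")
    print(proxy_fetch_report(t, "q1"))                         # served via the server-held key
    print(proxy_fetch_report(t, "q1", now=time.time() + 601))  # expired: unauthorized
    revoke_device("DEV0001")
    print(proxy_fetch_report(t, "q1"))                         # revoked: unauthorized
```

The point is the blast radius: a compromised device yields at most a token that expires in ten minutes and can be revoked per device (for instance from a fleet triage), never the upstream credential itself. In production the signing key and the revocation set would live in a key manager and a shared store rather than in process memory.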
The Broader Pattern
DarkSword is the third major iOS exploit kit documented in 2026, following Coruna (attributed to a US-linked framework) and an unnamed kit used against Ukrainian journalists in February. The frequency of high-capability iOS exploitation tools appearing in the public threat landscape — whether through leaks, independent development, or former surveillance vendor employees — is accelerating.
The Supermicro chip smuggling case and Iran's cyberattack campaigns against US infrastructure are part of the same broader pattern: state-adjacent offensive capabilities are proliferating faster than defensive tooling can adapt. DarkSword on GitHub is the mobile equivalent of a military-grade weapon showing up at a hardware store.
Key Takeaways
- DarkSword leaked on GitHub March 23 — HTML and JavaScript files, no compilation needed, deployable in minutes by any attacker
- 6 chained vulnerabilities: CVE-2025-31277, CVE-2025-43529 (JavaScriptCore), CVE-2025-14174 (ANGLE graphics), CVE-2026-20700 (PAC bypass in dyld), CVE-2025-43510, CVE-2025-43520 (kernel escalation)
- 221.5 million iPhones vulnerable — devices running iOS 18.4 through 18.6.2
- Fix: update to iOS 18.7 immediately — this patches the PAC bypass (CVE-2026-20700) required to complete the chain
- Lockdown Mode blocks the entry point — disables JIT compilation that JavaScriptCore exploits require
- Attack vector: a single browser visit to a compromised legitimate website — no user interaction required
- Enterprise teams: audit MDM configurations, enforce iOS 18.7+ policy, review Keychain credential storage for production systems
Frequently Asked Questions
What is the DarkSword iOS exploit and how does it work?
DarkSword is an iOS exploit kit that chains six vulnerabilities to achieve complete device takeover from a single malicious web page visit. It starts by exploiting memory corruption in JavaScriptCore (WebKit's JavaScript engine) to gain code execution inside the browser's sandbox, then chains two sandbox escapes through ANGLE graphics and the GPU process, uses a Pointer Authentication Code bypass in dyld to defeat Apple's pointer authentication mitigation, and finally escalates to kernel-level access through two iOS kernel vulnerabilities. The result is full device compromise including access to messages, location, camera, microphone, and keychain.
Is my iPhone vulnerable to DarkSword?
If you are running iOS 18.4 through iOS 18.6.2, you are vulnerable to the full DarkSword exploit chain. Approximately 221.5 million iPhones fall in this range. Update to iOS 18.7 or later immediately — this patches CVE-2026-20700, the Pointer Authentication Code bypass that is required to complete the chain. Devices running iOS 18.7 or later are protected. Lockdown Mode also blocks the exploit at the initial JavaScriptCore entry point, even on older iOS versions.
Why is the GitHub leak of DarkSword dangerous?
Before the leak, deploying DarkSword required state-level resources or a commercial surveillance vendor license costing $500K–$2M. After the GitHub leak, any attacker who can register a domain and rent a server can deploy the entry-stage components — the files are plain HTML and JavaScript that require no compilation. The threat level has shifted from "targeted attacks by nation-states against high-value individuals" to "mass-deployable tool available to anyone with basic infrastructure access." This is the same trajectory as the EternalBlue NSA exploit leak that enabled WannaCry ransomware in 2017.
What should enterprise security teams do about DarkSword?
Three immediate actions: (1) Enforce iOS 18.7+ as a mandatory minimum across all enrolled devices — any device below that should be treated as potentially compromised. (2) Audit MDM configurations — DarkSword can survive device restarts via malicious MDM profiles, so verify all enrolled device configurations against known-good baselines. (3) Review mobile threat detection coverage — standard enterprise EDR has limited iOS kernel visibility; iVerify and Jamf Protect are the tools with DarkSword detection capability. For developers: review whether production API keys and credentials should be stored in iOS Keychain on mobile devices at all.
Does updating to iOS 18.7 fully protect against DarkSword?
Yes, for the full exploit chain. iOS 18.7, released March 18, patches CVE-2026-20700, the Pointer Authentication Code bypass in dyld that is the critical middle step of the chain; without it the exploit cannot escalate from the GPU process to the kernel. The initial JavaScriptCore vulnerabilities (CVE-2025-31277 and CVE-2025-43529) were patched earlier, in iOS 18.6, so devices on iOS 18.4 through 18.5.x remain exposed to the entry-stage components being reused to deliver simpler payloads. Full protection requires iOS 18.7 or later.
Written by
Software Engineer based in Delhi, India. Writes about AI models, semiconductor supply chains, and tech geopolitics — covering the intersection of infrastructure and global events. 795+ posts cited by ChatGPT, Perplexity, and Gemini. Read in 164 countries.
