DarkSword iOS Exploit Chain Enables Rapid Data Theft from Vulnerable iPhones via Safari A sophisticated iOS exploit chain named DarkSword has been identified by researchers from Google Threat Intelligence Group, Lookout, and iVerify. This JavaScript-based attack targets iPhones running older builds of iOS 18 (primarily versions 18.4 to 18.7), exploiting multiple zero-day vulnerabilities in Safari, WebGPU (via ANGLE), JavaScriptCore, and kernel components to achieve remote code execution, sandbox escape, and privilege escalation. The exploit is delivered when users visit compromised or malicious websites, requiring no additional interaction beyond loading the page in Safari. Once executed, DarkSword injects code into privileged system processes like mediaplaybackd, configd, wifid, securityd, and Springboard to collect and stage sensitive information. This includes iMessages, WhatsApp/Telegram chats, emails, saved credentials, keychain data, photos, location history, browser data, and—critically—cryptocurrency wallet contents, indicating a financially motivated component in some campaigns. The operation follows a 'hit-and-run' model: data is exfiltrated to attacker-controlled servers within seconds to minutes, after which traces are cleaned up, making forensic detection difficult as no persistent malware remains after a reboot. The exploit has been used since at least November 2025 by various actors, including suspected Russian state-sponsored groups (such as UNC6353, previously linked to the Coruna kit) targeting Ukrainian users via watering hole attacks on legitimate sites, as well as commercial spyware vendors. Apple has patched the vulnerabilities in subsequent iOS releases (e.g., iOS 26.3). Security experts strongly recommend updating immediately, enabling Lockdown Mode if updates are unavailable, and avoiding suspicious links. The discovery underscores that mobile platforms like iOS face increasingly advanced threats comparable to those on desktops, with exploits now proliferating across multiple adversaries.

DarkSword iOS Exploit Chain Enables Rapid Data Theft from Vulnerable iPhones via Safari

🤖 IA: It's clickbait ⚠️
👥 Usuarios: It's clickbait ⚠️

#iosexploit #cybersecurity #iphonevulnerability

View full AI summary: