Public Leak of DarkSword Exploit Kit Puts Millions of iPhones at Risk
In a significant cybersecurity development, the advanced iPhone hacking tool known as DarkSword has been publicly leaked on GitHub, raising alarms about potential widespread exploitation. This leak follows closely on the heels of a recent campaign that targeted iPhone users with DarkSword, underscoring the escalating threats to mobile device security.
Cybersecurity experts are expressing deep concern over the accessibility of DarkSword to a broader audience, including cybercriminals with limited technical expertise. Matthias Frielingsdorf, co-founder of mobile security firm iVerify, emphasized the gravity of the situation, stating, “This is bad. They are way too easy to repurpose. I don’t think that can be contained anymore. So we need to expect criminals and others to start deploying this.”
The leaked version of DarkSword is particularly alarming due to its simplicity and ease of deployment. Frielingsdorf noted that the exploit consists of basic HTML and JavaScript files, allowing individuals to host them on a server within minutes. He further explained, “The exploits will work out of the box. There is no iOS expertise required.”
This development poses a significant threat to iPhone users who have not updated to the latest iOS 26 software. According to Apple’s data, hundreds of millions of devices are running outdated versions of the operating system, making them vulnerable to attacks utilizing the DarkSword exploit.
The situation is reminiscent of previous incidents where government-developed hacking tools have fallen into the wrong hands. For instance, in 2025, a suite of government hacking tools targeting iPhones was identified as being used by cybercriminals. Google’s Threat Analysis Group discovered the exploit kit, dubbed Coruna, which had transitioned from government use to broader cybercriminal deployment. This incident highlighted the risks associated with the proliferation of sophisticated hacking tools beyond their intended governmental use.
The public availability of DarkSword underscores the urgent need for users to update their devices to the latest software versions. Regular updates are crucial as they often include patches for known vulnerabilities, thereby reducing the risk of exploitation. Apple has a history of addressing such vulnerabilities promptly. For example, in March 2025, Apple released patches for a zero-day bug that was exploited in an extremely sophisticated attack against specific targeted individuals. The vulnerability was found in WebKit, the browser engine powering Safari and other apps, and allowed hackers to break out of WebKit’s protective sandbox with maliciously crafted web content.
The leak of DarkSword also raises questions about the security of exploit development and the potential for such tools to be misused. In October 2025, Apple alerted an exploit developer that his iPhone was targeted with government spyware. This incident highlighted the complex landscape of cybersecurity, where even those involved in developing security tools can become targets themselves.
In light of these developments, cybersecurity professionals are urging users to remain vigilant. Regular software updates, cautious downloading practices, and awareness of phishing attempts are essential steps in safeguarding personal devices. As Frielingsdorf aptly put it, the ease with which DarkSword can be repurposed means that “we need to expect criminals and others to start deploying this.”
The broader cybersecurity community is also calling for more robust measures to prevent the leakage of such powerful tools. The transition of DarkSword from a targeted hacking tool to a publicly available exploit kit serves as a stark reminder of the potential consequences when sophisticated cyber tools are not adequately secured.
As the situation unfolds, it is imperative for both users and organizations to prioritize cybersecurity. Staying informed about potential threats, implementing best practices for device security, and fostering a culture of vigilance can collectively mitigate the risks posed by such exploit kits.