Google Uncovers ‘DarkSword’ Exploit Chain Targeting Outdated iPhones
In a recent disclosure, Google’s Threat Intelligence Group (GTIG) has unveiled a new exploit chain, dubbed DarkSword, which poses a significant threat to iPhones running outdated versions of iOS. This revelation follows closely on the heels of the previously identified Coruna exploit, underscoring the critical importance of keeping devices updated to the latest software versions.
Understanding the DarkSword Exploit
DarkSword operates by chaining multiple vulnerabilities to achieve a full kernel-level compromise of the device. The attack is typically initiated through compromised or decoy websites that deliver the exploit to unsuspecting users. Once the initial breach is successful, the exploit deploys payloads with codenames such as GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER, each designed to perform specific malicious activities on the compromised device.
Geographical Targeting and Actors Involved
According to GTIG, DarkSword has been deployed against targets in several countries, including Saudi Arabia, Turkey, Malaysia, and Ukraine. The exploit is reportedly utilized by multiple commercial surveillance vendors and suspected state-sponsored actors, indicating a broad and potentially coordinated effort to exploit these vulnerabilities.
Technical Details and Associated Vulnerabilities
The DarkSword exploit chain leverages several vulnerabilities, each identified by a Common Vulnerabilities and Exposures (CVE) number. The key vulnerabilities associated with DarkSword include:
– CVE-2025-31277: Patched in iOS 18.6.
– CVE-2026-20700: Patched in iOS 26.3.
– CVE-2025-43529: Patched in iOS 18.7.3 and iOS 26.2.
– CVE-2025-14174: Patched in iOS 18.7.3 and iOS 26.2.
These vulnerabilities, when exploited in sequence, allow attackers to bypass security measures and gain unauthorized access to the device’s core functions.
Apple’s Response and Security Measures
In response to the discovery of DarkSword and similar exploits, Apple has been proactive in releasing security updates to mitigate these threats. On March 11, 2026, Apple released updates for iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7, addressing kernel and WebKit vulnerabilities exploited by these chains.
Apple has also published a support document titled Update iOS to protect your iPhone from web attacks, emphasizing the importance of keeping devices up to date. The document outlines steps for users to ensure their devices are protected:
– Devices with the latest versions of iOS 15 through iOS 26: Already protected. Users are encouraged to update their software if they haven’t done so recently.
– Older devices unable to update to the latest iOS version: Apple released software updates on March 11, 2026, to extend protection to these devices.
– Devices with iOS 13 or iOS 14: Must update to iOS 15 to receive these protections. Users will receive an alert to install a Critical Security Update in the coming days.
Additionally, Apple recommends enabling Lockdown Mode for users unable to update their devices. This feature provides an extra layer of security against malicious web content and other threats.
The Importance of Regular Software Updates
The emergence of exploit chains like DarkSword and Coruna highlights the ever-evolving landscape of cybersecurity threats. Attackers continually develop sophisticated methods to exploit vulnerabilities, particularly in outdated software. Regular software updates are crucial as they often include patches for known vulnerabilities, thereby reducing the risk of exploitation.
Users are strongly advised to:
– Regularly check for and install software updates: Ensure that all devices are running the latest available versions of their operating systems.
– Enable automatic updates: This feature ensures that devices receive and install updates promptly upon release.
– Be cautious of suspicious websites and links: Avoid visiting unknown or untrusted websites, as they may host malicious content designed to exploit vulnerabilities.
– Utilize security features like Lockdown Mode: For users who may be at higher risk or unable to update their devices, enabling additional security features can provide enhanced protection.
Conclusion
The discovery of the DarkSword exploit chain serves as a stark reminder of the importance of cybersecurity vigilance. By keeping devices updated and adhering to recommended security practices, users can significantly reduce their vulnerability to such sophisticated attacks. As technology continues to advance, so too do the methods employed by malicious actors, making proactive security measures more critical than ever.
