You are out of time to update: Severe iOS hack code leaks to everyone

The DarkSword exploit, which primarily targets devices running older iOS versions, has unfortunately made its way to GitHub. It has been patched, so update now.

After Coruna, an exploit tool potentially developed by the US government, surfaced on the black market, the same thing happened with another tool, dubbed DarkSword. Now, DarkSword has been made publicly available on GitHub.

DarkSword primarily targeted iOS 18.4 through iOS 18.7, though older versions of iOS were vulnerable as well. The exploit relied on Safari and WebKit for initial code execution, after which it escaped multiple sandbox layers before fully compromising an iPhone or iPad.

Apple ended up patching the exploit with iOS 26.3 and iOS 18.7.3, while even older iOS devices received the iOS 15.8.7 and iOS iOS 16.7.15. Not everyone has updated to the latest compatible versions of iOS, however, which is where the danger lies.

As TechCrunch notes, the version of DarkSword found on GitHub can be used with relative ease to target devices running older releases of iOS.

"This is bad," said Matthias Frielingsdorf, co-founder of the security startup iVerify, adding that "the exploits will work out of the box" as "there is no iOS expertise required."

Frielingsdorf also said that we can "expect criminals and others to start deploying this." A spokesperson for Google agreed with this assessment, the report says.

An Apple spokesperson, meanwhile, reiterated that the iPhone maker issued software updates to patch the DarkSword exploit, and emphasized the importance of updating to newer iOS versions.

"Keeping your software up to date is the single most important thing you can do to maintain the security of your Apple products," said Apple spokesperson Sarah O'Rourke, adding that Lockdown Mode was also effective against DarkSword.

The version of DarkSword uploaded to GitHub contains developer notes that describe the exploit, its processes, and capabilities. DarkSword is described as a tool that "reads and exfiltrates forensically-relevant files from iOS devices via HTTP."

Another portion of the leaked code details the "post-exploitation activity." It outlines the entire process of obtaining an iPhone user's contacts, call history, messages, and iOS keychain, and uploading the information to a remote server.

In any case, the best thing users can do to prevent the leaked exploit from being used against them is to update their software. iOS 26.3 and newer, or iOS 18.7.3, patches all of the vulnerabilities used by DarkSword, and AppleInsider encourages you to update to these versions.