Leaked iPhone Exploit Kit 'DarkSword' Puts Hundreds of Millions of Devices at Risk

Powerful iPhone Hacking Tool Leaked Online, Threatening Millions of Users

A sophisticated hacking toolkit capable of compromising millions of iPhones and iPads has been publicly leaked on GitHub, sending alarm bells through the cybersecurity community. The tool, known as DarkSword, can be weaponized by virtually anyone with basic technical knowledge to target Apple devices running outdated versions of iOS.

What Is DarkSword and Why Does It Matter?

Cybersecurity experts first identified DarkSword just last week during an active hacking campaign targeting iPhone users. Shortly after, an updated version of the tool was anonymously published to GitHub — the widely used code-sharing and development platform owned by Microsoft — making it freely accessible to hackers, cybercriminals, and malicious actors worldwide.

The leaked files are composed of straightforward HTML and JavaScript code, meaning anyone can copy, paste, and deploy them on a server within hours — no specialized knowledge of Apple's iOS required.

"This is bad. They are way too easy to repurpose," said Matthias Frielingsdorf, co-founder of mobile security firm iVerify. "I don't think that can be contained anymore. So we need to expect criminals and others to start deploying this."

Frielingsdorf confirmed that the leaked DarkSword variant shares the same underlying infrastructure as samples his team had analyzed previously, though the files themselves differ slightly.

How the Exploit Works

According to comments embedded within the leaked code — likely written by the original developers — DarkSword is designed to:

• Steal sensitive data from an iPhone or iPad and transmit it over the internet to a server controlled by the attacker
• Access personal files including contacts, text messages, call history, and the iOS keychain, which stores Wi-Fi passwords and other confidential credentials
• Inject malicious payloads into system processes that have filesystem-level access
• Conduct post-exploitation activity, systematically harvesting device contents after gaining initial access

One section of the code even references data being uploaded to a Ukrainian apparel website, though the reason for this remains unclear. Notably, DarkSword has been linked to Russian government hackers reportedly targeting Ukrainian individuals and organizations.

Who Is Vulnerable?

The exploit specifically targets iPhones and iPads running iOS 18 or earlier, according to independent analyses from iVerify, Google, and mobile security firm Lookout.

Apple's own usage statistics paint a sobering picture: approximately one in four iPhone and iPad users are still operating on iOS 18 or an older version. With Apple reporting more than 2.5 billion active devices globally, that translates to potentially hundreds of millions of vulnerable devices.

Security hobbyist matteyeux, writing on X (formerly Twitter), confirmed the threat is very real — successfully hacking an iPad mini running iOS 18 using the publicly circulating DarkSword sample.

Google's research team also corroborated iVerify's findings. "Our researchers agree with the assessment," said Kimberly Samra, a spokesperson for Google, which had previously conducted its own analysis of the DarkSword exploit.

Apple's Response and What You Should Do

Apple has acknowledged the threat. Spokesperson Sarah O'Rourke confirmed the company is aware of the exploit and noted that Apple issued an emergency security update on March 11 specifically for older devices unable to run the most recent iOS 26 software.

"Keeping your software up to date is the single most important thing you can do to maintain the security of your Apple products," O'Rourke stated, adding that fully updated devices are not at risk and that enabling Lockdown Mode would also successfully block these specific attacks.

Steps Every iPhone and iPad User Should Take Right Now

1. Update your device immediately — Navigate to Settings > General > Software Update and install any available updates
2. Enable Lockdown Mode — Found under Settings > Privacy & Security, this feature provides an extra layer of defense against sophisticated attacks
3. Be cautious of suspicious links — DarkSword can be triggered through malicious web content
4. Check your device regularly for unusual behavior or unexpected data usage

A Broader Pattern of iPhone Spyware Threats

The DarkSword leak follows closely on the heels of another major iOS security disclosure. Just weeks prior, researchers exposed a separate advanced iPhone hacking toolkit called Coruna, which was reportedly developed by U.S. defense contractor L3Harris through its Trenchant division, a unit that builds offensive cyber tools for American government clients and allied nations.

Together, these incidents underscore a growing and increasingly accessible ecosystem of powerful mobile spyware tools — and the urgent need for everyday users to keep their devices updated.

Bottom line: If your iPhone or iPad is not running the latest version of iOS, update it today. The threat is real, the tools are public, and the window for action is narrowing fast.