A potent hacking tool, DarkSword, has been publicly leaked on GitHub, exposing millions of iPhones and iPads to potential compromise. Cybersecurity experts warn that this development drastically lowers the barrier for malicious actors to exploit vulnerabilities in older versions of Apple’s iOS operating system. The leaked kit requires minimal technical expertise to deploy, making widespread attacks highly probable.
The Leak & Its Implications
The leaked version of DarkSword is described as “easy to repurpose” by Matthias Frielingsdorf, co-founder of iVerify. The tool consists of readily available HTML and JavaScript files, allowing hackers to set up operational exploits within hours. This ease of use means that even inexperienced attackers can target vulnerable devices.
Why this matters: The DarkSword exploit specifically targets iPhones and iPads running iOS 18 or earlier. Apple’s own data indicates that roughly 25% of active devices — potentially hundreds of millions — remain on these outdated systems. This vulnerability isn’t theoretical; security researcher matteyeux successfully hacked an iPad mini running iOS 18 using the leaked sample.
How DarkSword Works
The exploit operates by extracting sensitive data from compromised devices via HTTP. This includes contacts, messages, call logs, and Wi-Fi passwords stored in the iOS keychain. The stolen information is then uploaded to attacker-controlled servers.
Key details: The leaked code contains explicit instructions on how to implement the exploit, including comments that detail the exfiltration process. One comment describes how the malware “reads and exfiltrates forensically-relevant files from iOS devices.” Another references “post-exploitation activity” – the phase where stolen data is systematically dumped onto remote servers.
Known Origins and Potential Targets
DarkSword has previously been linked to Russian government hackers who allegedly used it against Ukrainian targets. One unusual detail in the leaked code references uploading stolen data to a Ukrainian apparel website, though the reason remains unclear.
The broader context: The leak of DarkSword underscores the growing threat of state-sponsored hacking tools becoming publicly available. This trend not only increases the risk for individuals but also complicates geopolitical security, as these exploits can be weaponized by various actors.
Apple’s Response & Mitigation
Apple acknowledged the exploit targeting older devices and released an emergency update on March 11 for systems unable to run the latest iOS versions. The company stresses that keeping software up to date is the most effective defense. Lockdown Mode also blocks these specific attacks.
For users: If you are running iOS 18 or earlier, upgrading to the latest version is crucial. Without this update, your device remains highly vulnerable to exploitation.
The public availability of DarkSword significantly raises the threat to iPhone and iPad users. The tool’s simplicity and proven effectiveness make it a dangerous asset in the hands of malicious actors, underscoring the urgent need for widespread software updates and enhanced cybersecurity awareness.
