A powerful iPhone hacking tool called DarkSword has leaked onto the public internet, putting hundreds of millions of Apple device users at risk, especially those running older software.
Someone published a version of DarkSword to GitHub, a widely used code-sharing website, making it easy for virtually anyone to download and use the malicious code to attack Apple users. Security researchers at Google, iVerify, and Lookout first documented DarkSword last week, but its public release has dramatically raised the stakes.
DarkSword is what experts call a “zero-click” exploit. That means a person can have their iPhone compromised simply by visiting a website: no tapping, no downloading, no interaction of any kind is required. The tool chains together six different software vulnerabilities, including flaws in Safari’s WebKit browser engine and the iOS operating system’s core, to seize full control of a targeted device. Once inside, it can steal messages, passwords, photos, location history, and even cryptocurrency wallets, then erase its own tracks to avoid detection.
Rocky Cole, co-founder of mobile security firm iVerify, called the GitHub leak deeply troubling. “It’s extremely alarming that this leaked out on GitHub,” Cole told CyberScoop. “I would assume that it’s being used all around the world, and including here in the United States.”
DarkSword primarily targets iPhones and iPads running iOS 18.4 through iOS 18.7, which were released between March and September 2025. According to federal security analysts, any device that hasn’t been updated in the past six months is potentially exposed. Apple’s own statistics show that nearly one in three iPhone and iPad users are still not running the latest iOS 26 software, potentially leaving hundreds of millions of devices vulnerable across Apple’s base of more than 2.5 billion active devices worldwide.
Researchers have already observed DarkSword being used to target users in China, Malaysia, Turkey, Saudi Arabia, and Ukraine. It remains unclear who originally developed DarkSword, how it spread to different hacking groups, or who leaked it onto GitHub. The code is written in HTML and JavaScript, making it relatively simple to configure and deploy.
The Cybersecurity and Infrastructure Security Agency (CISA) this week added the vulnerabilities exploited by DarkSword to its list of flaws that federal agencies must patch immediately.
Apple spokesperson Sarah O’Rourke told TechCrunch that devices running the latest versions of iOS 15 through iOS 26 are already protected. “Keeping your software up to date is the single most important thing you can do to maintain the security of your Apple products,” she said.
Apple also says that Lockdown Mode, an opt-in security feature available since iOS 16, blocks these specific attacks. The company confirmed Friday (March 28) that it is not aware of any successful spyware attack against a device with Lockdown Mode enabled. Lockdown Mode is particularly recommended for journalists, human rights defenders, dissidents, and anyone who believes they may be a high-value target.