DarkSword exploit, which affects outdated versions of iOS, leaks on GitHub

The exploit, revealed last week by Google’s Threat Intelligence Group, is now publicly available on GitHub, increasing the urgency for older iPhones and iPads to run the latest available iOS and iPadOS versions. Here are the details.

‘This is bad’

In recent weeks, Google’s Threat Intelligence Group, iVerify, and Lookout revealed details of two exploits, Coruna and DarkSword, that chain multiple iOS and iPadOS vulnerabilities to compromise outdated iPhones and iPads.

In a nutshell, both exploits rely on WebKit and other vulnerabilities that allow attackers to steal user data or gain full control of a device. Apple recently patched these vulnerabilities with iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7.

Following the disclosure of both exploits, Apple published a support document stressing the importance of keeping devices up to date, even if they can’t run iOS 26 or iPadOS 26. Apple also added that Lockdown Mode can further curb hacking attempts.

Now, as spotted by TechCrunch, “someone has leaked a newer version of DarkSword and published it on the code-sharing site GitHub,” which essentially means attacks exploiting these vulnerabilities are very likely to increase.

From TechCrunch:

Frielingsdorf said that these new versions of DarkSword spyware share the same infrastructure with the ones he and his iVerify colleagues analyzed previously, although the files are slightly different. The files uploaded to GitHub are uncomplicated, just HTML and JavaScript, he said, meaning anyone can copy and paste them and host them on a server “in a couple minutes to hours.”

When asked about the leak, Matthias Frielingsdorf, co-founder of iVerify, told TechCrunch:

“This is bad. They are way too easy to repurpose. (…) I don’t think that can be contained anymore. So we need to expect criminals and others to start deploying this. (…) The exploits will work out of the box. (…) There is no iOS expertise required.”

TechCrunch contacted Apple and Microsoft (which owns GitHub) about the exploit. While Microsoft did not immediately respond, Apple said the company “was aware of the exploit targeting devices running older and out-of-date operating systems and issued an emergency update on March 11 for devices unable to run recent versions of iOS.”

To read TechCrunch’s full report, follow this link.


Author

Marcus Mendes

Marcus Mendes is a Brazilian tech podcaster and journalist who has been closely following Apple since the mid-2000s.

He began covering Apple news in Brazilian media in 2012 and later broadened his focus to the wider tech industry, hosting a daily podcast for seven years.