DarkSword Exploit Targets iOS 18 Links

๐ก270M iOS at DarkSword riskโsecure Apple devices for AI workflows now.
โก 30-Second TL;DR
What Changed
DarkSword exploit hits iOS 18.4 through 18.6.2 via infected links.
Why It Matters
Exposes massive iPhone user base to espionage risks, driving urgent patches. Underscores need for timely updates in mobile ecosystems used for development.
What To Do Next
Update iOS development devices to latest version to patch DarkSword vulnerability.
Key Points
- โขDarkSword exploit hits iOS 18.4 through 18.6.2 via infected links.
- โขSteals personal info from iPhones visiting malicious websites.
- โขDeployed by Russian hackers, risks 270 million outdated devices.
- โขFindings from Google Threat Intelligence, Lookout, iVerify.
๐ง Deep Insight
Web-grounded analysis with 7 cited sources.
๐ Enhanced Key Takeaways
- โขDarkSword leverages six zero-day vulnerabilities and supports iOS versions up to 18.7, broader than the 18.4-18.6.2 range initially reported[1].
- โขPost-compromise, it deploys three malware families: GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER[1].
- โขUNC6353, a suspected Russian espionage group, and UNC6748 have adopted DarkSword, similar to their prior use of the Coruna exploit kit[1].
- โขKey vulnerabilities include CVE-2025-43529 (JavaScriptCore DFG JIT garbage collection bug) for iOS 18.6-18.7 and CVE-2026-20700 (dyld PAC bypass)[1].
๐ ๏ธ Technical Deep Dive
- โขDarkSword chain uses multiple zero-days: for iOS 18.6-18.7, CVE-2025-43529 in JavaScriptCore's DFG JIT layer (garbage collection bug, patched in iOS 18.7.3 and 26.2) develops fakeobj/addrof primitives for arbitrary read/write[1].
- โขChained with CVE-2026-20700, a dyld bug enabling user-mode Pointer Authentication Codes (PAC) bypass for arbitrary code execution (patched in iOS 26.3)[1].
- โขLoader modifications include fetching rce_module_18.6.js, with logic flaws failing to serve iOS 18.4 exploit correctly or account for iOS 18.7 (released September 2025)[1].
- โขGHOSTKNIFE malware includes snippets for deleting crash logs to evade detection[1].
๐ฎ Future ImplicationsAI analysis grounded in cited sources
โณ Timeline
๐ Sources (7)
Factual claims are grounded in the sources below. Forward-looking analysis is AI-generated interpretation.
Weekly AI Recap
Read this week's curated digest of top AI events โ
๐Related Updates
AI-curated news aggregator. All content rights belong to original publishers.
Original source: The Verge โ
