๐Ÿ“ฐStalecollected in 16m

DarkSword Exploit Targets iOS 18 Links

DarkSword Exploit Targets iOS 18 Links
PostLinkedIn
๐Ÿ“ฐRead original on The Verge

๐Ÿ’ก270M iOS at DarkSword riskโ€”secure Apple devices for AI workflows now.

โšก 30-Second TL;DR

What Changed

DarkSword exploit hits iOS 18.4 through 18.6.2 via infected links.

Why It Matters

Exposes massive iPhone user base to espionage risks, driving urgent patches. Underscores need for timely updates in mobile ecosystems used for development.

What To Do Next

Update iOS development devices to latest version to patch DarkSword vulnerability.

Who should care:Developers & AI Engineers

Key Points

  • โ€ขDarkSword exploit hits iOS 18.4 through 18.6.2 via infected links.
  • โ€ขSteals personal info from iPhones visiting malicious websites.
  • โ€ขDeployed by Russian hackers, risks 270 million outdated devices.
  • โ€ขFindings from Google Threat Intelligence, Lookout, iVerify.

๐Ÿง  Deep Insight

Web-grounded analysis with 7 cited sources.

๐Ÿ”‘ Enhanced Key Takeaways

  • โ€ขDarkSword leverages six zero-day vulnerabilities and supports iOS versions up to 18.7, broader than the 18.4-18.6.2 range initially reported[1].
  • โ€ขPost-compromise, it deploys three malware families: GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER[1].
  • โ€ขUNC6353, a suspected Russian espionage group, and UNC6748 have adopted DarkSword, similar to their prior use of the Coruna exploit kit[1].
  • โ€ขKey vulnerabilities include CVE-2025-43529 (JavaScriptCore DFG JIT garbage collection bug) for iOS 18.6-18.7 and CVE-2026-20700 (dyld PAC bypass)[1].

๐Ÿ› ๏ธ Technical Deep Dive

  • โ€ขDarkSword chain uses multiple zero-days: for iOS 18.6-18.7, CVE-2025-43529 in JavaScriptCore's DFG JIT layer (garbage collection bug, patched in iOS 18.7.3 and 26.2) develops fakeobj/addrof primitives for arbitrary read/write[1].
  • โ€ขChained with CVE-2026-20700, a dyld bug enabling user-mode Pointer Authentication Codes (PAC) bypass for arbitrary code execution (patched in iOS 26.3)[1].
  • โ€ขLoader modifications include fetching rce_module_18.6.js, with logic flaws failing to serve iOS 18.4 exploit correctly or account for iOS 18.7 (released September 2025)[1].
  • โ€ขGHOSTKNIFE malware includes snippets for deleting crash logs to evade detection[1].

๐Ÿ”ฎ Future ImplicationsAI analysis grounded in cited sources

Apple will patch remaining DarkSword vulnerabilities in iOS 26.4 by Q2 2026
GTIG reported vulns like CVE-2026-20700 leading to rapid patches in prior versions such as 26.3, following their standard response to zero-days[1].
DarkSword proliferation will increase state-sponsored iOS attacks by 20% in 2026
Its adoption by multiple actors like UNC6353/UNC6748, mirroring Coruna kit spread, indicates reuse across espionage campaigns[1].

โณ Timeline

2025-09
iOS 18.7 released, but DarkSword loader fails to account for it in UNC6748 deployment
2025-11
Apple patches CVE-2025-43529 in iOS 18.7.3 and 26.2 after GTIG report
2026-01
Apple patches CVE-2026-20700 in iOS 26.3 following GTIG disclosure
2026-03
Google Threat Intelligence publishes DarkSword analysis revealing UNC6353/UNC6748 adoption
๐Ÿ“ฐ

Weekly AI Recap

Read this week's curated digest of top AI events โ†’

๐Ÿ‘‰Related Updates

AI-curated news aggregator. All content rights belong to original publishers.
Original source: The Verge โ†—