iTNews Australia
Darksword Spyware Hits Millions of iPhones

New iPhone spyware threat: secure your AI iOS deployments now.
30-Second TL;DR
What Changed
'Darksword' iPhone spyware uncovered
Why It Matters
Highlights iOS vulnerabilities, urging stronger device security for AI apps running on iPhones.
What To Do Next
Update iOS devices and scan for Darksword signatures using Apple's security tools.
Who should care: Researchers & Academics
Deep Insight
Web-grounded analysis with 8 cited sources.
Enhanced Key Takeaways
- DarkSword targets iOS versions 18.4 through 18.7, using a hit-and-run technique to exfiltrate data like credentials, cryptocurrency wallets, and iCloud files before self-deleting.[1][2]
- Attributed to UNC6353, a suspected well-funded Russian threat actor with financial and espionage motives, who previously used the Coruna exploit kit.[2][4][5]
- Discovered by Lookout Threat Labs in collaboration with Google Threat Intelligence Group and iVerify while investigating Coruna infrastructure.[1][3][4]
Technical Deep Dive
- Leverages six vulnerabilities including type confusion, use-after-free, out-of-bounds write, copy-on-write kernel bugs, and kernel privilege escalation, all previously fixed by Apple.[2][3]
- Starts with Safari/WebKit exploits (e.g., CVE-2025-43529 in JavaScriptCore DFG JIT), pivots via WebGPU/ANGLE out-of-bounds write for sandbox escape, then targets XNU kernel via AppleM2ScalerCSCDriver.[3][5]
- Bypasses PAC and TPRO mitigations by abusing dyld structures and thread state manipulation; deploys payloads like GHOSTBLADE, GHOSTKNIFE, GHOSTSABER with full kernel privileges.[3][5]
- Server-side components show LLM-generated code with detailed comments, enabling modular extensibility in a high-level language despite poor OPSEC like un-obfuscated JavaScript.[2][4]
Future Implications
AI analysis grounded in cited sources
Apple-patched vulnerabilities reduce DarkSword's reach to <15% of iOS devices
Proliferation of exploit kits like DarkSword and Coruna signals shift to mass mobile attacks
Timeline
2026-03
Lookout, Google, iVerify discover DarkSword while probing UNC6353's Coruna infrastructure
2026-03
Researchers publish joint analysis revealing hit-and-run infostealer targeting iOS 18.4-18.7
Sources (8)
Factual claims are grounded in the sources below. Forward-looking analysis is AI-generated interpretation.
- lookout.com: Lookout Uncovers Darksword Ios Exploit Chain
- bleepingcomputer.com: New Darksword Ios Exploit Used in Infostealer Attack on Iphones
- iverify.io: Darksword Ios Exploit Kit Explained
- cyberscoop.com: Second Ios Exploit Kit Emerges From Suspected Russian Hackers Using Possible U S Government Developed Tools
- cloud.google.com: Darksword Ios Exploit Chain
- xda-developers.com: Darksword Ios 18 Exploit Allows Hackers to Covertly Steal Sensitive Information From Iphones
- lasvegassun.com: Lookout Uncovers Darksword Ios Exploit Chain Expos
- investing.com: Researchers Uncover Iphone Spyware Capable of Penetrating Millions of Devices 4568724
AI-curated news aggregator. All content rights belong to original publishers.
Original source: iTNews Australia