DarkSword iPhone Exploit Kit Leaked on GitHub, Millions of Outdated Devices at Risk of Cyberattacks: Report
A potent iPhone hacking kit called DarkSword was recently leaked on GitHub, putting millions of users on older iOS versions at risk. The exploit allows attackers to steal messages, contacts, and passwords with ease. Apple has urged users to update their software immediately and released emergency patches to mitigate the threat.
Mumbai, March 24: A sophisticated hacking toolkit known as DarkSword, designed to infiltrate iPhones and iPads, has been publicly leaked on the code-sharing platform GitHub. Cybersecurity researchers warn that the availability of this "out-of-the-box" exploit allows individuals with minimal technical expertise to target devices running older versions of Apple’s operating system. The leak follows a previously identified hacking campaign that targeted users with an earlier version of the same spyware.
The leaked files, consisting primarily of HTML and JavaScript, are reportedly easy to repurpose and host on private servers within hours. Security experts from iVerify and Google have confirmed that the exploit is functional and does not require advanced knowledge of iOS to deploy. According to Apple’s internal data, approximately one-quarter of its 2.5 billion active devices still run iOS 18 or earlier, leaving hundreds of millions of users potentially vulnerable to these attacks. Apple WWDC 2026 Date Announced, Know What to Expect.
Technical Impact and Data Security Risks
The DarkSword spyware is engineered to exfiltrate sensitive information from a compromised device and transmit it to an attacker-controlled server. Analysis of the leaked code reveals that the malware can gain access to a person’s contacts, messages, call history, and the iOS keychain, which stores Wi-Fi passwords and other encrypted credentials. Researchers noted that the exploit specifically targets the "post-exploitation" phase, where it systematically "dumps" the phone's contents to a remote location once access is gained.
Interestingly, some files within the toolkit contained references to a Ukrainian apparel website, though the exact connection remains unclear. Previous investigations into DarkSword suggested the malware had been utilized by state-sponsored actors against targets in Ukraine. While the current leak on GitHub makes the tool accessible to a broader range of criminals, the underlying infrastructure remains largely identical to the version used in those highly targeted government-linked operations.
Apple Response and Protective Measures
Apple spokesperson Sarah O’Rourke stated that the company is aware of the exploits targeting older operating systems. The company issued an emergency security update on March 11 specifically for devices unable to run the latest software versions. Apple emphasized that maintaining up-to-date software is the most effective defence against such threats. Furthermore, the company noted that its "Lockdown Mode" feature is capable of blocking these specific DarkSword-style attacks for high-risk users. Apple iPhone Fold New Leaks Suggest Dual-Layer Glass, Zero-Crease Display.
Security professionals recommend that all iPhone and iPad users immediately upgrade to iOS 26 or the latest available security patch for their specific hardware. For those using older devices that cannot support the newest operating system, installing the emergency March 11 patch is considered critical. The leak of DarkSword follows the recent discovery of another advanced toolkit named Coruna, highlighting a growing trend of high-level surveillance tools entering the public domain.
(The above story first appeared on LatestLY on Mar 24, 2026 07:30 AM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).