Inside DarkSword: A New iOS Exploit Kit Delivered ... - iVerify
DarkSword is a "full-chain" exploit framework designed to compromise iPhones and iPads running older versions of iOS 18. Unlike traditional malware that requires a user to download a suspicious app, DarkSword is often delivered via . In these scenarios, attackers compromise legitimate websites—such as news portals or government resources—and inject malicious scripts that automatically infect visitors using the Safari browser. How the Exploit Works Daggersploit - Exploit
: Once full control is established, the framework can deploy various JavaScript-based malware families—such as GHOSTBLADE , GHOSTKNIFE , or GHOSTSABER —to exfiltrate data. What is at Risk? Inside DarkSword: A New iOS Exploit Kit Delivered
: The attack begins in the Safari browser (WebKit) using a remote code execution (RCE) vulnerability. : The attack begins in the Safari browser
: It leverages a memory corruption flaw and bypasses Pointer Authentication Codes (PAC) to escape the browser's security sandbox.
The DarkSword exploit chain is remarkably complex, moving through several layers of the iOS operating system to gain total control:
The Rise of DarkSword: A New Era of Mass iOS Exploitation Recent discoveries by cybersecurity researchers have unveiled a sophisticated iPhone hacking toolkit known as . Disclosed in March 2026, this exploit represents a significant shift from highly targeted spyware to mass-scale campaigns affecting everyday users. What is DarkSword?