CP
cyberpings
VulnerabilitiesHIGH

iOS Vulnerabilities - DarkSword Exploit Kit Uncovered

SWSecurityWeek
CVE-2025-31277CVE-2025-43529CVE-2026-20700DarkSwordUNC6353
🎯

Basically, hackers found a way to take over iPhones using hidden tricks.

Quick Summary

A new exploit kit, DarkSword, targets iOS vulnerabilities for surveillance. Millions of iPhones are potentially compromised. Users must update their devices to stay safe.

The Flaw

Security researchers have uncovered a sophisticated exploit kit named DarkSword, which targets six critical vulnerabilities in Apple's iOS. This exploit chain is designed for surveillance and can lead to full device compromise with minimal user interaction. DarkSword is linked to the Russian state-sponsored group known as UNC6353, which has been active in attacks against Ukraine. The exploit kit exploits vulnerabilities in Safari and the iOS kernel to execute malicious code.

The vulnerabilities targeted by DarkSword include CVE-2025-31277, CVE-2025-43529, CVE-2025-14174, CVE-2025-43510, CVE-2025-43520, and CVE-2026-20700. These flaws allow attackers to bypass security measures and gain unauthorized access to devices. The exploitation process begins with Safari bugs, leading to remote code execution (RCE), and culminates in privilege escalation through kernel exploits.

What's at Risk

The implications of DarkSword are significant, as it can compromise sensitive information on millions of iPhones. Researchers estimate that approximately 221 million devices running vulnerable iOS versions are at risk. This includes personal data such as passwords, messages, photos, and even cryptocurrency wallets. The exploit's ability to operate through watering hole attacks—where legitimate websites are compromised—makes it particularly dangerous, as users may unknowingly visit these sites.

The potential for extensive data theft is alarming. The final payload of DarkSword is designed to exfiltrate a wide range of sensitive information, including call history, browser data, and Apple Health data. This level of access poses a serious threat to users' privacy and security.

Patch Status

Apple has released patches for all the vulnerabilities exploited by DarkSword. However, many devices remain unprotected, with estimates suggesting that 14.2% of users are still vulnerable. Users are urged to update their devices to the latest iOS versions, specifically 26.3.1 and 18.7.6, which include crucial security fixes. Despite these patches, the sheer number of affected devices indicates a large attack surface for potential exploitation.

Experts warn that the existence of DarkSword suggests a growing market for sophisticated exploit chains. The fact that both state-sponsored and commercial spyware vendors are utilizing such tools highlights the urgent need for enhanced security measures across the iOS ecosystem.

Immediate Actions

To mitigate the risks associated with DarkSword, users should take immediate action to secure their devices. Updating to the latest iOS versions is critical. Additionally, users should be cautious when visiting unfamiliar websites and consider employing security software that can detect and block potential threats.

Organizations should also implement training programs to raise awareness about the risks of watering hole attacks and the importance of keeping software up to date. As the threat landscape continues to evolve, staying informed and proactive is essential for safeguarding personal information and maintaining device security.

🔒 Pro insight: DarkSword's sophisticated exploit chain indicates a troubling trend of advanced state-sponsored cyber operations leveraging commercial spyware capabilities.

Original article from

SecurityWeek · Ionut Arghire

Read Full Article

Share

Related Pings

MEDIUMVulnerabilities

UIDAI - Launches Bug Bounty Programme for Aadhaar Security

UIDAI has launched a Bug Bounty Programme to enhance Aadhaar security. This initiative invites experts to identify vulnerabilities in the system. It's crucial for protecting the personal data of over a billion residents.

Cyber Security News·
HIGHVulnerabilities

Ubuntu Vulnerability - Local Attackers Can Gain Root Access

A critical vulnerability in Ubuntu allows local attackers to gain root access. This flaw affects users of Ubuntu Desktop 24.04 and newer. Immediate updates are essential to protect against potential system compromise.

Infosecurity Magazine·
HIGHVulnerabilities

Vulnerabilities - Claude Users Face Data Theft Risks

A trio of vulnerabilities in Claude could expose users to data theft. This flaw allows attackers to exploit Google searches, threatening enterprise networks. Stay vigilant and watch for updates.

Dark Reading·
CRITICALVulnerabilities

Critical Vulnerability - Unpatched Flaw in Telnetd Exposed

A critical flaw in GNU InetUtils telnetd has been discovered, allowing remote attackers to execute code with elevated privileges. This affects all versions, posing severe risks to systems. Users are urged to disable Telnet services until a patch is available to avoid exploitation.

Security Affairs·
HIGHVulnerabilities

WebKit Vulnerability - Apple Patches Critical Security Flaw

Apple has issued critical patches for a serious WebKit vulnerability affecting iOS and macOS. This flaw allows malicious content to bypass security measures, risking user data. Immediate updates are essential to protect against potential attacks.

Cyber Security News·
CRITICALVulnerabilities

ScreenConnect Vulnerability - Critical Flaw Exposed

A critical vulnerability in ScreenConnect allows hackers to hijack sessions by extracting unique machine keys. This affects all versions prior to 26.1, posing severe risks. Organizations must upgrade to version 26.1 immediately to protect themselves.

Cyber Security News·