Affiliate links on Android Authority may earn us a commission. Learn more.
A severe iPhone exploit is now public, and anyone can use it
- DarkSword, a serious iPhone exploit kit, just leaked on GitHub.
- If your device is running iOS 18.4 through 18.7 — or legacy versions 15.8.7 or 16.7.15 — you’re vulnerable.
- Contacts, messages, call history, and your iOS keychain (Wi-Fi passwords and secrets) can be fully exfiltrated.
If you have an older iPhone or iPad with an outdated iOS version, check your settings as soon as possible. A serious exploit kit called DarkSword was just released on GitHub, and security experts warn that anyone can use it without special iOS knowledge.
TechCrunch reports that the exploit links weaknesses in WebKit and the iOS sandbox. What started as a complex spyware tool for targeted attacks quickly became something anyone can use with just a few clicks.
Last week, Google’s Threat Intelligence Group, alongside security firms iVerify and Lookout, revealed the existence of DarkSword and its counterpart, Coruna. These advanced hacking tools can fully compromise iPhones, stealing contacts, messages, call history, and even the iOS keychain with Wi-Fi passwords and other secrets.
Don’t want to miss the best from Android Authority?
- Set us as a favorite source in Google Discover to never miss our latest exclusive reports, expert analysis, and much more.
- You can also set us as a preferred source in Google Search by clicking the button below.
Now, a newer version of the exploit has been leaked on GitHub. Matthias Frielingsdorf, co-founder of iVerify, told TechCrunch, “This is bad. They are way too easy to repurpose.”
He explained that the leaked files are simple HTML and JavaScript. Anyone can put them on a server in minutes. The exploit works immediately on devices with older operating systems.
If your iPhone is running iOS 18.7.3 or earlier, or if you have an older device stuck on iOS 15.8.7 or 16.7.15, your device is at risk. According to Apple, about a quarter of all active iPhones and iPads — hundreds of millions — are still using these vulnerable versions.
The exploit mainly targets devices running iOS 18.4 to 18.7, but it also affects older versions. If you visit a malicious site in Safari, the exploit can break through security layers and let attackers steal your data. The leaked code even includes instructions for taking and uploading your information.
Apple has already taken action. Earlier this month, the company released emergency security updates for iOS 26.3, iOS 18.7.3, and special updates for older devices that cannot run iOS 26.
If you’re on a device that supports iOS 26, you need to be on iOS 26.3 or newer. If you’re on an older device that stopped at iOS 15 or 16, make sure you’ve grabbed the final security updates Apple pushed out specifically to block this exploit.
If you are a high-risk user, such as a journalist, activist, or executive, Apple says turning on Lockdown Mode will block this attack and give you extra protection while you update your device.
Thank you for being part of our community. Read our Comment Policy before posting.