DarkSword, a government-grade iOS exploit kit, has leaked—enabling one-click RCE with sandbox escape on iOS 18.4–18.6.2. Source code exposure lowers the barrier for skilled attackers, expanding risk beyond elite operators.

In brief - A sophisticated iOS exploit framework, DarkSword, has been leaked, exposing unpatched iPhones to remote code execution and sandbox escape. Originally used against high-value targets, its public availability now threatens broader exploitation, including cryptocurrency theft.

Technically - DarkSword leverages JavaScript engine primitives (addrof/fakeobj) to achieve memory read/write, followed by a 100-step mitigation bypass to disable garbage collection and exploit mediaplaybackd for kernel access. The leaked build supports 28 devices across 26 firmware versions, includes debug artifacts, and targets cryptocurrency wallets. A commented-out 'startSandworm' function hints at prior kernel exploit reuse, while MIG message filtering bypasses reflect adaptation to iOS 18.4+ defenses.

Source: https://www.jamf.com/blog/darksword-ios-exploit-kit-three-lessons-mobile-security/

#Cybersecurity #ThreatIntel