(jamf.com) DarkSword Leaked: Inside a Government-Grade iOS Safari Exploit Kit and Its Implications for the Mobile Threat Landscape
DarkSword, a government-grade iOS exploit kit, has leaked—enabling one-click RCE with sandbox escape on iOS 18.4–18.6.2. Source code exposure lowers the barrier for skilled attackers, expanding risk beyond elite operators.
In brief - A sophisticated iOS exploit framework, DarkSword, has been leaked, exposing unpatched iPhones to remote code execution and sandbox escape. Originally used against high-value targets, its public availability now threatens broader exploitation, including cryptocurrency theft.
Technically - DarkSword leverages JavaScript engine primitives (addrof/fakeobj) to achieve memory read/write, followed by a 100-step mitigation bypass to disable garbage collection and exploit mediaplaybackd for kernel access. The leaked build supports 28 devices across 26 firmware versions, includes debug artifacts, and targets cryptocurrency wallets. A commented-out 'startSandworm' function hints at prior kernel exploit reuse, while MIG message filtering bypasses reflect adaptation to iOS 18.4+ defenses.
Source: https://www.jamf.com/blog/darksword-ios-exploit-kit-three-lessons-mobile-security/