DarkSWord iPhone Exploit Exposes Millions to Attack
Security researchers have identified a new iPhone-hacking toolkit, dubbed DarkSWord, that is being actively deployed by Russian-linked threat actors. The toolkit exploits a previously undisclosed flaw in iOS, allowing attackers to gain deep, privileged access to devices and silently install malicious payloads.
DarkSWord leverages a zero-day vulnerability in the iOS kernel, bypassing Apple's Pointer Authentication Codes (PAC) and other hardening mechanisms. The exploit chain includes a privilege-escalation component that enables the malware to persist across reboots and evade detection by conventional antivirus products. Researchers note that the tool's payload is modular, capable of harvesting contacts, messages, location data, and even audio in real time.
Affected devices span iOS versions up to the latest 17.x release, potentially exposing millions of iPhones worldwide. While the current campaign appears focused on high-value targets, the underlying exploit could be repackaged for mass-scale attacks. The attackers have been observed using watering-hole techniques and spear-phishing to deliver the initial stage of the toolkit.
Apple has been informed of the vulnerability and is working on a security patch expected in the next iOS update. In the interim, users are advised to enable automatic updates, activate Lockdown Mode on devices used for sensitive accounts, and monitor for anomalous behavior. Organizations should incorporate threat-intelligence feeds that flag DarkSWord indicators of compromise and deploy endpoint detection and response solutions to detect the toolkit's activity.