Someone Just Publicly Leaked a Hacking Tool That Can Breach Millions of iPhones

Cybersecurity researchers have warned of a growing threat to iPhone users after a newer version of the DarkSword hacking tool was leaked and published on GitHub.

The leaked version of DarkSword allows attackers to target iPhones and iPads running older versions of Apple’s operating systems, particularly devices that have not updated to iOS 26.

Researchers said the code is simple to use and requires little technical expertise. Matthias Frielingsdorf, co-founder of iVerify, told TechCrunch that the tools are “way too easy to repurpose” and may soon be used more widely by cybercriminals.

Frielingsdorf explained that the leaked files consist of basic HTML and JavaScript, making them easy to copy, host, and deploy within a short time. He added that the exploits work immediately without requiring specialized knowledge of iOS systems.

Google also confirmed this assessment, with spokesperson Kimberly Samra stating that the company’s researchers agree the tools are straightforward to use.

A security hobbyist known as Matteyeux demonstrated the risk by successfully compromising an iPad mini running iOS 18 using a publicly circulating DarkSword sample, according to TechCrunch.

Comments within the leaked code outline how the exploit operates. The spyware is designed to extract sensitive data from compromised devices and send it to attacker-controlled servers over the internet.

The data collected may include contacts, messages, call history, and credentials stored in the iOS keychain, such as Wi-Fi passwords.

Some files also reference post-exploitation activity, detailing how attackers can maintain access and extract additional data after the initial breach.

Apple confirmed it is aware of the exploit affecting devices running outdated software. The company issued an emergency update on March 11 for devices that cannot run newer iOS versions.

Apple stated that devices running updated software are not at risk from these attacks and emphasized that keeping systems up to date remains the most effective protection. The company added that Lockdown Mode can also block these specific exploits.

DarkSword primarily targets devices running iOS 18, according to prior analyses by iVerify, Google, and Lookout.

Apple data indicates that about one-quarter of its more than 2.5 billion active devices still operate on iOS 18 or earlier. This suggests that hundreds of millions of users could remain vulnerable if they have not updated their software.

The emergence of DarkSword follows the recent discovery of another advanced iPhone hacking toolkit known as Coruna.

TechCrunch previously reported that Coruna was developed by defense contractor L3Harris, whose Trenchant division builds hacking tools for the US government and its allies.