DarkSword exploit leaks on GitHub

The DarkSword exploit, which was recently disclosed by Google’s Threat Intelligence Group, is now available on GitHub, highlighting the importance of updating older iPhones and iPads to the latest iOS and iPadOS versions. Below are the details of the exploit.

‘This is bad’

Recently, Google’s Threat Intelligence Group, iVerify, and Lookout uncovered two exploits, Coruna and DarkSword, which exploit multiple vulnerabilities in iOS and iPadOS to compromise older iPhones and iPads that have not been updated.

In essence, both exploits take advantage of vulnerabilities in WebKit and other components that Apple has patched with iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7, enabling attackers to access user data or take control of the device.

Following the disclosure of these exploits, Apple released a support document emphasizing the importance of keeping devices up to date, even if they are unable to run the latest iOS 26 or iPadOS 26. Apple also introduced Lockdown Mode to enhance security against hacking attempts.

According to a report by TechCrunch, a newer version of DarkSword has been leaked and made available on GitHub, indicating a potential increase in attacks exploiting these vulnerabilities.

Matthias Frielingsdorf, co-founder of iVerify, noted that the new versions of DarkSword spyware share infrastructure with previous versions analyzed by iVerify, though the files have some differences. The files on GitHub are simple, consisting of HTML and JavaScript, making it easy for anyone to host them on a server quickly.

Frielingsdorf expressed concern about the leak, stating, “This is bad. They are way too easy to repurpose… I don’t think that can be contained anymore. So we need to expect criminals and others to start deploying this… The exploits will work out of the box… There is no iOS expertise required.”

TechCrunch reached out to Apple and Microsoft (owner of GitHub) for comments on the exploit. While Microsoft did not respond immediately, Apple acknowledged the exploit targeting devices running outdated operating systems and released an emergency update on March 11 for devices unable to run recent iOS versions.
