A nation-state exploit kit called DarkSword just showed up on GitHub. It chains six vulnerabilities — three of them zero-days — into a full device takeover of any iPhone running iOS 18 or earlier.
This isn't theoretical. The code is public. Anyone can download it.
What DarkSword Actually Is
DarkSword is a complete exploit chain. It targets iPhones through a series of vulnerabilities (CVE-2026-20700, CVE-2025-43529, CVE-2025-14174, plus three others) that together give an attacker full access to the device — messages, photos, microphone, location, everything.
This was originally a government surveillance tool. The kind of thing sold to intelligence agencies for millions of dollars. Someone leaked the full source code to a public GitHub repository.
TechCrunch, The Hacker News, and CyberScoop all confirmed the leak independently. Cybersecurity researchers have verified the exploits work against unpatched devices.
Who's at Risk
Hundreds of millions of iPhones. If you're running iOS 18 without the latest patches, you're vulnerable. The exploit works silently — no user interaction required. You won't see a notification, a prompt, or any sign that your device has been compromised.
The three zero-day vulnerabilities have since been patched by Apple, but only in the most recent updates. A massive number of users don't update promptly, which means the window of exposure is enormous.
Why This Matters Beyond iPhones
Government exploit kits leaking to the public is a growing pattern. Tools built for targeted surveillance against specific individuals — journalists, dissidents, political opponents — suddenly become available to every cybercriminal with a GitHub account.
We saw this with NSO Group's Pegasus spyware. We saw it with the Shadow Brokers leaking NSA tools (which eventually gave us WannaCry). DarkSword follows the same trajectory: expensive, classified attack tools becoming commodity malware.
The cybersecurity community calls this "proliferation." I call it a ticking clock.
What You Should Do Right Now
- Update your iPhone immediately. Go to Settings > General > Software Update. Install whatever's available.
- Enable automatic updates if you haven't already.
- Turn on Lockdown Mode if you're a high-risk individual (journalist, activist, executive). It limits attack surface significantly.
- Check your iOS version. If you're on anything below iOS 18.3.2, you need to update today.
I genuinely don't say this often: this one's urgent. The exploit code is live, public, and functional. The only thing standing between your iPhone and a full compromise is whether you've hit that update button.
Don't wait.
Top comments (0)