DarkSword iOS Exploit Kit: 6 Vulnerabilities, 3 Zero-Days, Full iPhone Takeover — 221 Million Devices Still at Risk

DarkSword is a complete exploit chain and infostealer written entirely in JavaScript — a design choice that is itself significant. There is no binary implant, no Mach-O library, and no traditional malware artifact. The entire attack executes in memory through JavaScript, allowing it to bypass Apple's Page Protection Layer and Secure Page Table Monitor mitigations that would block unsigned native binary code. The chain begins when a user visits a website containing a malicious iframe — either a compromised legitimate site or an attacker-controlled lure page. Once Safari loads the iframe, DarkSword executes automatically.

The six-vulnerability chain works in three distinct stages. Stage one is remote code execution — DarkSword exploits one of two JavaScriptCore memory corruption bugs depending on the target's iOS version. CVE-2025-31277, a JIT type confusion bug, targets iOS 18.4 and 18.5. CVE-2025-43529, a garbage collection bug in the DFG JIT layer, targets iOS 18.6 through 18.7. Both bugs allow an attacker to corrupt memory through a malicious webpage alone. Both are immediately chained with CVE-2026-20700 — a Pointer Authentication Code bypass in dyld, Apple's dynamic linker. PAC is a hardware-level security feature designed specifically to prevent code execution hijacking. Bypassing it is a prerequisite for everything that follows.

Stage two is sandbox escape. DarkSword first breaks out of WebKit's WebContent sandbox into the GPU process by exploiting CVE-2025-14174, a memory corruption bug in the ANGLE graphics translation layer. It then pivots from the GPU process into mediaplaybackd — a background system daemon responsible for media playback — using CVE-2025-43510, a memory management flaw in the iOS kernel. This double sandbox escape, from WebContent to GPU to mediaplaybackd, is architecturally novel and was used identically across all observed DarkSword deployments regardless of which RCE exploit was used for the first stage.

Stage three is full kernel compromise. CVE-2025-43520, a memory corruption flaw in the iOS kernel, is used from within mediaplaybackd to obtain arbitrary read/write access and arbitrary function call capabilities across the entire kernel. From there, the orchestrator payload pe_main.js lifts sandbox restrictions on the device's most privileged processes — configd, wifid, securityd, UserEventAgent, and Springboard — and injects targeted data-theft modules into each. The complete data collection is staged in accessible filesystem locations and exfiltrated to a command-and-control server.

Three distinct malware families have been deployed following successful DarkSword compromises. GHOSTBLADE — used by suspected Russian group UNC6353 in Ukraine — collects emails, iCloud Drive files, contacts, SMS messages, Safari browsing history and cookies, cryptocurrency wallet data, usernames, passwords, photos, call history, calendar entries, notes, and location history. GHOSTKNIFE — used by UNC6748 in Saudi Arabia via a Snapchat-themed lure site — functions as a JavaScript backdoor with extensive information theft capabilities including audio recording from the device microphone and a custom binary C2 protocol encrypted with ECDH and AES. GHOSTSABER — used by Turkish commercial surveillance vendor PARS Defense in campaigns targeting Turkey and Malaysia — supports over 15 distinct C2 commands and actively deletes crash logs to evade forensic detection. All three families specifically target cryptocurrency wallet applications. The DarkSword and Coruna exploit kits together are now estimated by iVerify to affect hundreds of millions of unpatched devices running iOS versions 13 through 18.6.2 — the combined attack surface represents one of the largest outstanding iOS exposure windows documented. Lookout researchers also noted evidence that large language models were used in the creation of at least some of the implant code, visible in functional comment structures throughout the JavaScript source.