Summary

A new exploit kit named DarkSword is targeting Apple iOS devices, leveraging six vulnerabilities, including three zero-day exploits, for full device takeover. This kit has been active since at least November 2025 and is being used by various threat actors.

Key Points

• DarkSword is an exploit kit designed for Apple iOS devices.
• It utilizes six vulnerabilities, including three zero-days, for complete device takeover.
• Active since at least November 2025.
• Used by multiple threat actors, including commercial surveillance vendors and suspected state-sponsored groups.
• Reported by Google Threat Intelligence Group (GTIG), iVerify, and Lookout.

Analysis

The DarkSword exploit kit represents a significant threat to iOS device security, as it includes zero-day vulnerabilities that are unknown to the vendor and thus unpatched. The involvement of state-sponsored actors and commercial surveillance vendors highlights the potential for widespread misuse and the urgency for Apple to address these vulnerabilities quickly.

Conclusion

IT professionals should prioritize monitoring for updates from Apple regarding these vulnerabilities and ensure that all iOS devices are updated as soon as patches become available. Additionally, implementing robust security measures and monitoring for unusual activity on iOS devices is recommended.