Google reveals another exploit chain affecting outdated iPhones


Following its recent disclosure of the Coruna exploit chain targeting older iOS versions, the company has now revealed a similar attack believed to be called DarkSword. Here are the details.

A few more reasons to keep your devices up to date

A few weeks ago, Google and iVerify published two reports with complementary details on the Coruna exploit, which chained multiple iOS vulnerabilities to compromise iPhones running outdated system versions.

Following the release of the reports, Apple released iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7, addressing kernel and WebKit vulnerabilities leveraged by Coruna.

Interestingly, earlier today, Apple published a new support document titled Update iOS to protect your iPhone from web attacks, in which it says that “security researchers recently identified web-based attacks that target out-of-date versions of iOS through malicious web content,” and goes on to explain the following:

If you have kept your iPhone software up to date, then you are already protected. (…) If your iPhone has an older version of iOS, update to protect your data:

  • Devices with the latest, updated versions of iOS 15 through iOS 26 are already protected. If you have not updated your software recently, update iOS on your iPhone.
  • We released a software update for iOS 15 and iOS 16 on March 11, 2026, to extend protection to older devices that cannot update to the latest version of iOS.
  • Devices with iOS 13 or iOS 14 must update to iOS 15 to receive these protections and will receive an additional alert to install a Critical Security Update in the next few days.
  • Apple Safe Browsing in Safari is on by default and blocks the malicious URL domains identified in these attacks.

Note: Users who are unable to update their device can consider enabling Lockdown Mode (if available) to protect against malicious web content and other threats.

As it turns out, the new Security post may be referring not just to Coruna but also to another exploit chain, which the Google Threat Intelligence Group (GTIG) believes is called DarkSword.

According to the GTIG, there are “multiple commercial surveillance vendors and suspected state-sponsored actors utilizing DarkSword in distinct campaigns,” and they add that “these threat actors have deployed the exploit chain against targets in Saudi Arabia, Turkey, Malaysia, and Ukraine.”

In a nutshell, DarkSword works similarly to Coruna. It chains multiple vulnerabilities to achieve a full kernel-level compromise.

Also like Coruna, DarkSword is delivered through compromised or decoy websites, then chains multiple stages before deploying payloads such as GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER.

According to GTIG, the CVEs associated with DarkSword include:

  • CVE-2025-31277 (patched in iOS 18.6)
  • CVE-2026-20700 (patched in iOS 26.3)
  • CVE-2025-43529 (patched in iOS 18.7.3 and iOS 26.2)
  • CVE-2025-14174 (patched in iOS 18.7.3 and iOS 26.2)
  • CVE-2025-43510 (patched in iOS 18.7.2 and iOS 26.1)
  • CVE-2025-43520 (patched in iOS 18.7.2 and iOS 26.1)
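
As an added example (not from GTIG's report or this article), the sketch below checks device iOS versions against the fix versions in the list above. It assumes that a major release newer than every listed fix includes that fix, and it reports "unlisted" when the list names no fix version for the device's major branch; the inventory and all function names are constructed for illustration.

```python
import re

# Fix versions copied from the CVE list above; all names here are illustrative.
FIXES = {
    "CVE-2025-31277": ["18.6"],
    "CVE-2026-20700": ["26.3"],
    "CVE-2025-43529": ["18.7.3", "26.2"],
    "CVE-2025-14174": ["18.7.3", "26.2"],
    "CVE-2025-43510": ["18.7.2", "26.1"],
    "CVE-2025-43520": ["18.7.2", "26.1"],
}

def parse(version):
    """'18.6' -> (18, 6, 0), so '18.6' and '18.6.0' compare equal."""
    if not re.fullmatch(r"\d+(\.\d+){0,2}", version.strip()):
        raise ValueError(f"not an iOS version: {version!r}")
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def status(installed, fixes):
    """Classify one CVE for one installed version: fixed / missing / unlisted."""
    inst = parse(installed)
    fixed_in = [parse(f) for f in fixes]
    same_branch = [f for f in fixed_in if f[0] == inst[0]]
    if same_branch:
        return "fixed" if inst >= min(same_branch) else "missing"
    # Assumption: a major release newer than every listed fix carries the fix.
    if inst[0] > max(f[0] for f in fixed_in):
        return "fixed"
    return "unlisted"  # the list gives no fix version for this major branch

def exposure(installed):
    """Map each listed CVE not confirmed fixed in `installed` to its status."""
    result = {}
    for cve, fixes in FIXES.items():
        state = status(installed, fixes)
        if state != "fixed":
            result[cve] = state
    return result

# Constructed inventory, e.g. an MDM export of device name -> iOS version.
INVENTORY = {"phone-a": "18.7.2", "phone-b": "26.3", "phone-c": "26.1", "phone-d": "17.6.1"}

if __name__ == "__main__":
    for device, version in INVENTORY.items():
        gaps = exposure(version)
        print(device, version, "OK" if not gaps else gaps)
```

A result of "unlisted" means only that the list above gives no fix version for that branch, so those devices need to be checked against Apple's own release notes.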

To dive into the technical details, check out GTIG’s report, which was published in coordination with Lookout and iVerify, both of which also shared their own findings.

Oh, yes, and make sure that your devices are running the latest iOS version.
