The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors

ctf · March 19, 2026, 8:43am

https://xcancel.com/ryanaraine/status/2034338701430661352#m

Tweet:

Two full iOS exploit kits in one month, deployed via watering holes on public websites, potentially affecting hundreds of millions of devices. Will Apple acknowledge that this no longer fits the “very small number of highly targeted individuals” narrative?

Other info:

DarkSword supports iOS versions 18.4 through 18.7

This suggests that UNC6748 didn’t have an exploit chain for Chrome at the time of this activity.

ToughBird · March 19, 2026, 9:08am

And that’s why kids, it’s always best to update your OS no matter what. And not use outdated OSs no matter the device.

ctf · March 19, 2026, 1:34pm

I agree. What is concerning is how dismissive Apple is with pentesters, calling the recent high severity attacks as targeted, instead of seeing the method of delivery makes it very much mass spyware.

ToughBird · March 19, 2026, 1:35pm

I still trust Apple in their security of iOS especially with iPhone 17 onward with the new chipset.

Topic		Replies	Views
Coruna Malware Targeting iOS Spotted by Google Threat Intelligence News	0	186	March 7, 2026
New Exploit Affects 220 Million iPhones \| This Week in Privacy #45 (Mar 20, 2026) Livestreams	7	505	March 20, 2026
Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks News article	0	253	March 11, 2025
Apple fixes iPhone and iPad bug used in an "extremely sophisticated attack" News article	4	614	February 11, 2025
PSA: Update Apple OSes to fix the latest security vulnerability that has been exploited General software , website	2	377	August 21, 2025

The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors

Related topics