DarkSword: The iPhone Exploit That Forced Apple to Rewrite Its Own Security Playbook
ID: d0f69a65-119e-5ec5-896d-612e4f465c8a
STIX ID: report--d0f69a65-119e-5ec5-896d-612e4f465c8a
Feed Name: Security Boulevard
DarkSword is a deployed, zero-click drive-by iOS exploit chain that links six vulnerabilities, including three zero-days, to break out of Safari/WebKit, escalate privileges through the kernel, and install persistent implants (e.g., Ghostblade). Affecting an estimated 270 million iPhones on iOS 18.4–18.7, it has been used in active campaigns across Saudi Arabia, Turkey, Malaysia, and Ukraine by both commercial spyware vendors and state-backed actors (notably UNC6353). Its severity prompted Apple to backport security fixes via iOS 18.7.7 and to recommend immediate updates, Lockdown Mode for high-risk users, and tightened MDM enforcement.
