DarkSword iOS Exploit Kit: State-Sponsored Attacks Target Apple Devices
Summary
Sophisticated exploit kit chaining 6 iOS vulnerabilities, used by a Russian APT (UNC6353) and commercial spyware vendors for full device compromise.
Threat Analysis
A sophisticated iOS exploit kit named "DarkSword" has been discovered in use by state-sponsored hackers and commercial spyware vendors to achieve full device compromise with minimal user interaction. The kit exploits a chain of six iOS vulnerabilities (CVE-2025-31277, CVE-2025-43529, CVE-2025-14174, CVE-2025-43510, CVE-2025-43520, and CVE-2026-20700) affecting Safari and the iOS kernel. The Russian state-sponsored group UNC6353 has deployed DarkSword in watering hole attacks against Ukraine, while commercial surveillance vendors including UNC6748 and PARS Defense have used it against targets in Saudi Arabia, Turkey, and Malaysia. The exploit chain combines Safari bugs for remote code execution, sandbox escape mechanisms, and kernel vulnerabilities for privilege escalation and information theft. Apple users should immediately update to the latest iOS version to protect against these critical vulnerabilities.