The exploit, revealed last week by Google’s Threat Intelligence Group, is now publicly available on GitHub, increasing the urgency for older iPhones and iPads to run the latest available iOS and iPadOS versions. Here are the details.
‘This is bad’
In recent weeks, Google’s Threat Intelligence Group, iVerify, and Lookout revealed details of two exploits, Coruna and DarkSword, that chain multiple iOS and iPadOS vulnerabilities to compromise outdated iPhones and iPads.
In a nutshell, both exploits rely on WebKit and other vulnerabilities that allow attackers to steal user data or gain full control of a device. Apple recently patched these vulnerabilities with iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7.
Following the disclosure of both exploits, Apple published a support document stressing the importance of keeping devices up to date, even if they can’t run iOS 26 or iPadOS 26. Apple also added that Lockdown Mode can further curb hacking attempts.
Now, as spotted by TechCrunch, “someone has leaked a newer version of DarkSword and published it on the code-sharing site GitHub,” which essentially means attacks exploiting these vulnerabilities are very likely to increase.
From TechCrunch:
Frielingsdorf said that these new versions of DarkSword spyware share the same infrastructure with the ones he and his iVerify colleagues analyzed previously, although the files are slightly different. The files uploaded to GitHub are uncomplicated, just HTML and JavaScript, he said, meaning anyone can copy and paste them and host them on a server “in a couple minutes to hours.”
When asked about the leak, Matthias Frielingsdorf, co-founder of iVerify, told TechCrunch:
“This is bad. They are way too easy to repurpose. (…) I don’t think that can be contained anymore. So we need to expect criminals and others to start deploying this. (…) The exploits will work out of the box. (…) There is no iOS expertise required.”