DarkSword is a full-chain iOS exploit capable of completely taking over an iPhone by chaining together multiple vulnerabilities. Google's Threat Intelligence Group (GTIG) first identified it on March 19, 2026, and confirmed it has been actively used by multiple threat actors since at least November 2025. What makes DarkSword particularly dangerous: Zero-click infection — victims can be compromised just by visiting a compromised website, no downloads or taps required Full device access — attackers can steal data, record activity, and maintain persistent access Already weaponized — the exploit was planted on dozens of Ukrainian websites since late February Now publicly available — the code was leaked on GitHub, making it accessible to any attacker

DarkSword iPhone Exploit Leaks on GitHub, Putting 270 Million Older iPhones at Risk

Q: Which iPhones Are Affected?

DarkSword specifically targets iPhones running iOS 18.4 through iOS 18.7. A related exploit called Coruna targets even older devices running iOS 13.0 through iOS 17.2.1. According to iVerify and Lookout, an estimated 220 million to 270 million iPhones were still running exposed iOS versions as of March 2026. Many users stayed on iOS 18 after being unhappy with the changes Apple introduced in iOS 26 last September — making them prime targets.

Q: How to Protect Yourself

The fix is straightforward: update your iPhone immediately. Apple has released security patches that block the DarkSword exploit chain. Devices running iOS 26 or the latest iOS 18 security updates are not vulnerable. If you have been putting off the iOS 26 update because you dislike the new interface, this is your wake-up call. The cosmetic changes are a minor inconvenience compared to having your entire digital life compromised by a zero-click exploit that is now freely available online.

By Jaspal April 4, 2026 Updated: April 4, 2026

A powerful iPhone hacking tool known as DarkSword has been publicly leaked on GitHub, and security researchers are warning that 220 to 270 million older iPhones could be vulnerable. The exploit, first identified by Google's Threat Intelligence Group, can fully compromise Apple devices without the user clicking anything or downloading any file.

What Is DarkSword?

DarkSword is a full-chain iOS exploit capable of completely taking over an iPhone by chaining together multiple vulnerabilities. Google's Threat Intelligence Group (GTIG) first identified it on March 19, 2026, and confirmed it has been actively used by multiple threat actors since at least November 2025.

What makes DarkSword particularly dangerous:

Zero-click infection — victims can be compromised just by visiting a compromised website, no downloads or taps required
Full device access — attackers can steal data, record activity, and maintain persistent access
Already weaponized — the exploit was planted on dozens of Ukrainian websites since late February
Now publicly available — the code was leaked on GitHub, making it accessible to any attacker

Which iPhones Are Affected?

DarkSword specifically targets iPhones running iOS 18.4 through iOS 18.7. A related exploit called Coruna targets even older devices running iOS 13.0 through iOS 17.2.1.

Exploit	iOS Versions Affected	Status
DarkSword	iOS 18.4 – iOS 18.7	Patched in iOS 26
Coruna	iOS 13.0 – iOS 17.2.1	Patched in later iOS 18 updates

According to iVerify and Lookout, an estimated 220 million to 270 million iPhones were still running exposed iOS versions as of March 2026. Many users stayed on iOS 18 after being unhappy with the changes Apple introduced in iOS 26 last September — making them prime targets.

Why the GitHub Leak Makes This Much Worse

DarkSword was originally used in targeted surveillance operations — think government-level espionage, not everyday cybercrime. But now that the exploit code has been posted publicly on GitHub, the rules have changed entirely.

This pattern — where sophisticated cyber weapons leak from intelligence agencies into the criminal underground — has happened before. The NSA's EternalBlue exploit leaked in 2017 and was quickly weaponized in the WannaCry ransomware attack that hit hospitals, businesses, and governments worldwide.

Security researchers warn that DarkSword could follow a similar trajectory. A tool once limited to nation-state attackers is now available to any skilled hacker with an internet connection.

What a Compromised iPhone Means

A hacked iPhone is not just about losing photos or messages. Modern smartphones store:

Email and authentication tokens — attackers can access your accounts
Corporate credentials — a compromised personal phone can breach company systems
Banking and payment data — financial theft becomes trivial
Cloud data access — iCloud, Google Drive, and other synced services are exposed
Messaging history — encrypted chats become readable on the compromised device

How to Protect Yourself

The fix is straightforward: update your iPhone immediately. Apple has released security patches that block the DarkSword exploit chain. Devices running iOS 26 or the latest iOS 18 security updates are not vulnerable.

If you have been putting off the iOS 26 update because you dislike the new interface, this is your wake-up call. The cosmetic changes are a minor inconvenience compared to having your entire digital life compromised by a zero-click exploit that is now freely available online.

The Bottom Line

DarkSword represents exactly the kind of threat that keeps security researchers up at night: a government-grade exploit that has escaped into the wild. With the code now on GitHub and hundreds of millions of iPhones still running vulnerable software, the window for attackers has never been wider.

Update your iPhone. Today. Not tomorrow, not next week. The exploit is public, the vulnerable devices are numbered in the hundreds of millions, and the attackers do not need you to click anything.