A sophisticated iPhone hacking toolkit capable of compromising hundreds of millions of devices has been leaked publicly on GitHub, security researchers warned Monday. The DarkSword exploit kit, previously used by Russian government hackers against Ukrainian targets, can now be deployed by anyone with minimal technical expertise against iPhones and iPads running older operating systems.
The leaked toolkit targets devices running iOS 18 and earlier versions — affecting roughly one-quarter of all iPhone and iPad users worldwide according to Apple's own data. With more than 2.5 billion active Apple devices globally, that translates to hundreds of millions of vulnerable devices.
"This is bad. They are way too easy to repurpose," Matthias Frielingsdorf, co-founder of mobile security startup iVerify, told TechCrunch. "I don't think that can be contained anymore. So we need to expect criminals and others to start deploying this."
The DarkSword files uploaded to GitHub consist of uncomplicated HTML and JavaScript that can be copied and hosted on a server "in a couple minutes to hours," according to Frielingsdorf. Most concerning for security experts: "The exploits will work out of the box. There is no iOS expertise required."
Security researcher "matteyeux" demonstrated the exploit's effectiveness Monday, successfully hacking an iPad mini running iOS 18 using the publicly available code. The proof-of-concept underscored how accessible nation-state-level hacking tools have become.
Apple issued an emergency security update on March 11 for devices unable to run recent iOS versions, spokesperson Sarah O'Rourke confirmed. "Keeping your software up to date is the single most important thing you can do to maintain the security of your Apple products," she said, adding that updated devices and those with Lockdown Mode enabled are protected.
The leak marks a fundamental shift in cybersecurity — military-grade exploits once limited to intelligence agencies are now downloadable by teenagers with GitHub accounts. Previously, such sophisticated exploits required significant resources and technical expertise to develop and deploy.
- No technical expertise required — HTML and JavaScript files work immediately
- Targets hundreds of millions of devices running older iOS versions
- Originally developed for Russian government operations against Ukraine
- Can steal comprehensive device data including encrypted passwords
The timing is particularly concerning given the recent discovery of another iPhone hacking toolkit called Coruna, developed by defense contractor L3Harris for U.S. government use. The back-to-back revelations suggest a broader trend of government-grade hacking tools entering the public domain.
Code comments in the leaked DarkSword files describe "post-exploitation activity" and detail how the malware grabs device contents after gaining access. One file mysteriously references uploading data to a Ukrainian apparel website, though the connection remains unclear.
Google researchers, who previously analyzed DarkSword in controlled environments, confirmed the assessment that the leaked tools pose significant risks. The company's security team agreed with iVerify's conclusion that widespread criminal adoption is now likely.
For iPhone users, the message is clear: update immediately. Apple's iOS 26 patches the vulnerabilities exploited by DarkSword, but only devices running current software are protected. The emergency March 11 update provides protection for older devices that cannot upgrade to the latest iOS version.
The public availability of DarkSword on GitHub — a mainstream code-sharing platform used by millions of developers — illustrates how quickly advanced threats can proliferate. Unlike previous leaks that required specialized knowledge to understand and deploy, these tools are designed for immediate use by anyone with basic web development skills.
Security experts warn this represents just the beginning. As more government-developed hacking tools inevitably leak or are stolen, the line between nation-state capabilities and common cybercrime continues to blur. The iPhone exploit ecosystem, once dominated by expensive commercial spyware like Pegasus, now includes free, open-source alternatives that any bad actor can deploy.