A powerful hacking tool capable of breaking into iPhones has been publicly leaked online, raising concerns among cybersecurity researchers that millions of devices could now be at greater risk.
The tool, which builds on an exploit chain known as “DarkSword,” was previously observed in more limited, targeted attacks.
Its recent publication on GitHub, reported by TechCrunch, has widened access, making it easier for a broader range of actors to deploy.
Earlier reporting by Wired found that the underlying vulnerabilities could affect hundreds of millions of iPhones.
Researchers say the public release of a more complete exploit kit is a significant escalation, shifting the threat from specialized use toward potential widespread abuse.
“This is bad. They are way too easy to repurpose,” Matthias Frielingsdorf, the co-founder of mobile security startup iVerify, told TechCrunch.
Why It Matters
The emergence of a publicly available exploit kit capable of targeting iPhones could expand the threat landscape for hundreds of millions of users worldwide.
Security researchers have long warned that when advanced tools leak into public repositories, they lower the barrier to entry for cybercriminals.
That dynamic can lead to a surge in attacks, particularly if vulnerabilities remain unpatched or if users delay software updates.
The situation is especially sensitive given Apple’s reputation for strong device security, which has historically made iPhones less susceptible to widespread exploitation compared to other platforms.
What To Know
The exploit chain, analyzed by Google’s Threat Intelligence Group, targets multiple vulnerabilities within Apple’s iOS system, allowing attackers to bypass key security protections and gain deep access to a device.
The chain can enable remote code execution and privilege escalation, effectively handing control of a device to an attacker.
Versions of the exploit were already circulating in the wild, capable of targeting a wide range of iPhone models. Researchers warned at the time that the vulnerabilities affected potentially hundreds of millions of devices before patches were issued.
The combination of a proven exploit chain and public availability has heightened concerns about monitoring mobile threats.
What People Are Saying
Commenters on the r/cybersecurity forum were struck by the casual availability of the exploit.
“‘Hey Phil, I’m bored with this one, so I’m just going to leave it here for the next guy to use…'” one user quipped, adding it “makes me nervous about what they moved on to, and why.”
“Feels like people always assume iPhones are ‘safe by default,’ but stuff like this shows nothing is really bulletproof,” another user wrote. “Most people probably won’t get hit directly, but still a good reminder to keep updates on and not click random links.”
However, as one individual pointed out, “The scary news should be that 270M iPhones aren’t updated.”
What’s Next
Security experts are urging users to ensure their devices are updated to the latest version of iOS.
Newsweek has reached out to Apple for comment via email.
