New version of iPhone hacking tool DarkSword leaked online, raising security concerns

Security researchers are sounding alarm bells after discovering that an advanced hacking tool known as DarkSword has been leaked online. The latest version of this sophisticated software was uploaded to GitHub—a popular platform for sharing code—raising serious concerns about its widespread availability and the potential risks it poses to iPhone users.

Risk Assessment: Who is at Risk?

The new version of DarkSword, which has been made publicly accessible through GitHub, can be easily exploited by any hacker. According to Matthias Frielingsdorf from mobile security startup iVerify, the leaked tool shares similar infrastructure with previously analyzed versions but now comes in a more user-friendly format—essentially HTML and JavaScript files that are straightforward for anyone to copy and host on their own servers.

“This is bad,” said Frielingsdorf. “They are way too easy to repurpose. I don’t think that can be contained anymore, so we need to expect criminals and others to start deploying this.”

The Scope of the Threat: Millions at Risk?

Focusing on iPhone users running older versions of Apple’s iOS operating system who have not yet updated to the latest version (iOS 26), researchers warn that hundreds of millions of devices could be vulnerable. Apple itself has reported a significant number of out-of-date iPhones and iPads, underscoring just how widespread this potential threat might be.

“The exploits will work out of the box,” Frielingsdorf explained. “There is no need for any additional setup or customization.” This means that once someone gains access to these files, they can quickly deploy them without much effort, making it a significant risk factor in today’s digital landscape.

What Can Users Do?

In response to this alarming development, cybersecurity experts are urging iPhone users to update their devices as soon as possible. The latest version of iOS (iOS 26) includes critical security patches that protect against the vulnerabilities targeted by DarkSword and similar hacking tools.

“Updating your device is one of the most effective ways to stay protected,” said Frielingsdorf, adding that users should also be cautious about any unexpected messages or calls they receive. “Be wary of phishing attempts and suspicious links sent via text message or email.”

The Broader Implications: A Call for Action?

This incident highlights the ongoing challenges in cybersecurity, particularly when it comes to protecting mobile devices against sophisticated hacking tools. The ease with which DarkSword can be repurposed underscores the need for continuous vigilance and proactive measures from both users and tech companies.

“We are seeing a shift towards more accessible and user-friendly hacking tools,” said Frielingsdorf, “and this trend is likely to continue unless we take decisive action.”

The release of DarkSword on GitHub serves as a stark reminder that the cybersecurity landscape remains dynamic and ever-evolving. As technology advances, so too do the threats it faces. For now, staying informed about such developments and taking necessary precautions are key steps in safeguarding one’s digital privacy.