Someone Has Publicly Leaked an Exploit Kit That Can Hack Millions of iPhones ⇥ techcrunch.com

Lorenzo Franceschi-Bicchierai and Zack Whittaker, TechCrunch:

Last week, cybersecurity researchers uncovered a hacking campaign targeting iPhone users that used an advanced hacking tool called DarkSword. Now someone has leaked a newer version of DarkSword and published it on the code-sharing site GitHub.

Researchers are warning that this will allow any hacker to easily use the tools to target iPhone users running older versions of Apple’s operating systems who have not yet updated to its latest iOS 26 software. This likely affects hundreds of millions of actively used iPhones and iPads, according to Apple’s own data on out-of-date devices.

This is an entirely different exploit chain to the “Coruna” one which also surfaced earlier this month — so now there are two massive security exploits just floating around in the wild affecting a large number of iPhones. Apple is apparently concerned enough about these vulnerabilities that it is issuing patches as far back as iOS 15 though, disappointingly, only for devices that do not support newer major versions. If you have a device that can run iOS 26, you will be safer if it is running iOS 26.

It is, I should say, pretty brazen for the developers of this exploit chain to call the JavaScript file “rce_loader.js”. RCE stands for remote code execution. It is basically like calling the file “hacking_happens_here.js”.