DarkSword exploit chain hits older iPhones

This is the uncomfortable part of modern mobile security: once spyware tooling escapes the exclusive-government lane, it starts behaving like commodity malware. DarkSword matters less as a brand name than as proof that old iPhone exploit chains can be copied, repurposed, and aimed at a much wider target set.

• –The attack path is nasty because it can trigger from a compromised website, so users may never see a suspicious download or obvious prompt.
• –The exfiltration list is broad enough to fuel account takeover, surveillance, and follow-on intrusion across messaging, email, and cloud accounts.
• –Axios and Lookout say the underlying JavaScript was left unobscured, which lowers the bar for less capable criminals to clone the chain.
• –Apple says the underlying flaws are patched, and Lockdown Mode helps, but older devices and delayed updates still leave plenty of exposed phones.
• –The reported LLM-assisted file naming is a small clue, but it reinforces the bigger trend: AI may be making offensive tooling easier to assemble, even when the operators are sloppy.