Google Threat Intelligence has identified DarkSword, a new iOS full-chain exploit that uses six zero-day vulnerabilities to fully compromise devices, and has been adopted by multiple threat actors including commercial surveillance vendors and state-sponsored groups. The exploit chain, which supports iOS versions 18.4 through 18.7, has been used in distinct campaigns targeting users in Saudi Arabia, Turkey, Malaysia, and Ukraine, deploying malware families such as GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER.
Edward Kiledjian
@ekiledjian