DarkSword zero‑click appears in jailbreak

A jailbreak update has added support for a bug chain called DarkSword, giving older iPhones a path to kernel-level access with no tap required after delivery. (github.com) Dopamine RootHide version 2.4.9.22 says it “add[s] DarkSword kernel exploit” for iOS 15.8.7 on A9 and A10 devices and for arm64 devices on iOS 16.7 through 16.7.15. The same release also added installation through signed IPA files outside TrollStore. (github.com) A jailbreak is software that escapes Apple’s built-in restrictions and gives code deeper system access. Kernel access is the deepest layer on the phone, the part that controls memory, processes, and security checks. (github.com) A zero-click exploit is an attack that can run without the target opening a file, tapping a link, or approving a prompt. Security researchers and jailbreak developers have used that label for DarkSword because the chain has been described as working through WebKit and iMessage delivery paths with no visible user action after the malicious content arrives. (github.com, lookout.com) DarkSword was disclosed publicly on March 18, 2026, by Lookout and iVerify as a six-bug iPhone exploit chain. iVerify said the chain was written in JavaScript, started in WebKit, moved to the kernel, and was patched in stages ending with iOS 26.3. (lookout.com, iverify.io) Lookout said DarkSword was delivered through “watering hole” attacks on compromised legitimate websites. Its write-up listed six vulnerabilities — CVE-2025-31277, CVE-2025-43529, CVE-2026-20700, CVE-2025-14174, CVE-2025-43510, and CVE-2025-43520 — that together gave attackers kernel-level access. (lookout.com) The original reporting tied DarkSword to attacks on Ukrainian users and linked it to the same actor family associated with an earlier chain called Coruna. Lookout said the malware focused on credentials and crypto-wallet apps, which pointed to at least partly financial motives rather than espionage alone. (lookout.com, techcrunch.com) Apple’s security notes show the company had already shipped fixes tied to DarkSword before this jailbreak support appeared. In iOS 18.7.7, published March 24, 2026, Apple said it expanded the update to more devices on April 1 so users with Automatic Updates could receive protections against web attacks called DarkSword. (support.apple.com) That leaves a split picture around this jailbreak release. For researchers and enthusiasts, it packages a public path to study a chain that had been used in the wild; for defenders, it lowers the barrier to reproducing techniques built from bugs Apple says were fixed in 2025 and 2026. (github.com, support.apple.com, iverify.io) The project’s own release notes do not explain how much of DarkSword is bundled, whether the full zero-click delivery is included, or whether users still need manual steps to trigger the jailbreak locally. What is clear is narrower: version 2.4.9.22 claims DarkSword-based kernel exploit support on specific old iOS branches that Apple has already patched in newer releases. (github.com, support.apple.com, support.apple.com)