Apple Active Exploit Chain DarkSword - 20260319002¶
Overview¶
The WASOC has been made aware of a newly discovered iOS full-chain exploit that leverages multiple zero-day vulnerabilities to fully compromise devices. Google Threat Intelligence has named this exploit chain "DarkSword".
DarkSword supports iOS versions 18.4 through 18.7 and utilizes different vulnerabilities to deploy final-stage payloads.
What is vulnerable?¶
| CVE | Exploited as a Zero-Day | Patched in iOS Version(s) |
|---|---|---|
| CVE-2025-31277 | No | 18.6 |
| CVE-2026-20700 | Yes | 26.3 |
| CVE-2025-43529 | Yes | 18.7.3, 26.2 |
| CVE-2026-20700 | Yes | 26.3 |
| CVE-2025-14174 | Yes | 18.7.3, 26.2 |
| CVE-2025-43510 | No | 18.7.2, 26.1 |
| CVE-2025-43520 | No | 18.7.2, 26.1 |
What has been observed?¶
The WASOC has been made aware of public reports of active exploitation for one or more of the mentioned items. The WASOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.
Recommendation¶
The WASOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):