
"Named DarkSword, it targets six vulnerabilities in Apple's mobile platform and leads to full device compromise with minimal user interaction. DarkSword shares infrastructure with Coruna and was used in watering hole attacks against Ukraine, suggesting that they are part of the same threat actor's arsenal."
"Written completely in JavaScript, DarkSword starts with the exploitation of Safari bugs to achieve remote code execution (RCE), continues with a sandbox escape, and shifts to exploiting kernel flaws to inject and execute JavaScript code for privilege escalation and final payload execution."
"Google has also found evidence that DarkSword has been used by commercial surveillance vendors, including one tracked as UNC6748, in attacks targeting Saudi Arabia, Turkey, and Malaysia."
Security researchers have identified DarkSword, a mass-exploitation iOS exploit kit targeting six vulnerabilities in Apple's mobile platform. The kit, written entirely in JavaScript, exploits Safari bugs for remote code execution, performs sandbox escapes, and leverages kernel flaws for privilege escalation. DarkSword shares infrastructure with Coruna, another iOS exploit kit, suggesting both are part of the same threat actor's arsenal. Russian state-sponsored group UNC6353 deployed DarkSword in watering hole attacks against Ukraine through compromised websites. Commercial surveillance vendors, including UNC6748, have also utilized DarkSword in attacks targeting Saudi Arabia, Turkey, and Malaysia, demonstrating its dual use by both state-sponsored and financially motivated threat actors.
Read at SecurityWeek