Apple Patches Critical DarkSword iOS 18 Vulnerability, Mitigating Mobile OS‑Cracking Tool
What Happened — Apple released an emergency update for iOS 18 that fixes a zero‑day flaw actively exploited by the DarkSword mobile‑OS cracking framework. The vulnerability allowed privileged code execution and full device control on iPhones and iPads that had not yet upgraded to iOS 26.
Why It Matters for TPRM —
- The flaw affected any organization that permits iOS devices to access corporate resources, exposing data and credentials.
- Attackers could bypass MDM controls, install persistent malware, and exfiltrate corporate information.
- The rapid patch cycle demonstrates the need for continuous endpoint‑security monitoring and timely OS updates in third‑party risk programs.
Who Is Affected — Enterprises across all sectors that allow BYOD or corporate‑issued iOS devices; especially those with legacy iOS 18 deployments.
Recommended Actions —
- Verify that all managed iOS devices are running the latest iOS 18 patch or iOS 26.
- Review MDM policies to enforce mandatory updates and block devices with outdated OS versions.
- Re‑assess third‑party risk scores for vendors that rely on iOS devices for data handling.
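One way to carry out the first two actions against an MDM inventory export, as an added example that is not part of the original briefing: it compares OS versions numerically rather than as strings, and the minimum patched build and the sample export are constructed placeholders to be replaced with the version named in Apple's advisory.

```python
"""Flag managed iOS devices whose OS is older than the patched release.

Added illustration for the recommended actions above, not code from the
original article. MIN_PATCHED and SAMPLE_INVENTORY are constructed
placeholders; take the real fixed build from Apple's security advisory.
"""
import csv
import io
from typing import Dict, List, Tuple

# Policy: iOS 18 devices must be at or above the patched 18.x build;
# anything below iOS 18 is out of support; iOS 26 and later are fine.
MIN_PATCHED: Dict[int, str] = {18: "18.9.9"}  # PLACEHOLDER, not the real build
CURRENT_MAJOR = 26


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '18.6.2' into (18, 6, 2) so comparison is numeric: a plain
    string compare would wrongly sort '18.10' before '18.9'."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))


def is_compliant(os_version: str) -> bool:
    """True when the device is on a release at or beyond the patched build."""
    v = parse_version(os_version)
    major = v[0]
    if major >= CURRENT_MAJOR:
        return True
    if major in MIN_PATCHED:
        return v >= parse_version(MIN_PATCHED[major])
    return False  # unsupported major release: treat as non-compliant


def non_compliant_devices(inventory_csv: str) -> List[Dict[str, str]]:
    """Rows from an MDM export (columns device_id,user,os_version) that fail
    the policy, ready to be blocked or chased for an update."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return [row for row in reader if not is_compliant(row["os_version"])]


# Constructed sample export, not real device data.
SAMPLE_INVENTORY = """device_id,user,os_version
ipad-001,alice,18.6.2
iphone-002,bob,18.10
iphone-003,carol,26.0.1
iphone-004,dave,17.7.2
iphone-005,erin,18.9.9
"""

if __name__ == "__main__":
    for row in non_compliant_devices(SAMPLE_INVENTORY):
        print(f"{row['device_id']} ({row['user']}) on iOS {row['os_version']} needs an update")
```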
Technical Notes — The DarkSword exploit leveraged a kernel‑level memory corruption bug (CVE‑2025‑XXXX) to achieve arbitrary code execution. The patch corrects the affected memory handling routine and adds integrity checks. Data at risk includes any corporate apps, email, and VPN credentials stored on the device.
Source: Dark Reading