
DarkSword: Anatomy of a 6-Link iOS Zero-Day Chain

By Dillip Chowdary, Mar 23, 2026

The Google Threat Intelligence Group (GTIG) has published a bombshell report on "DarkSword," a highly sophisticated exploit kit used by commercial surveillance vendors to target high-value individuals on iOS 26. What makes DarkSword unprecedented is its use of a six-link chain of zero-day vulnerabilities, specifically designed to defeat the hardware-level security mitigations introduced in the A19 Pro chip.

Links 1 & 2: The Safari Entry Point

The chain begins with a Just-In-Time (JIT) compiler bug in WebKit (CVE-2026-3101). By leveraging a logic error in the type confusion mitigation, the exploit gains initial code execution inside the Safari sandbox. It then immediately triggers a second vulnerability in the Apple Intelligence Local Inference Engine (CVE-2026-3102), which lets the attacker escape the sandbox by tricking the AI sub-process into loading a malicious model weights file that carries an embedded payload.

Links 3 & 4: Defeating PAC and PPL

To gain kernel access, DarkSword must bypass Pointer Authentication Codes (PAC) and Page Protection Layer (PPL). Link 3 (CVE-2026-3103) is a hardware-timing side-channel attack that leaks PAC keys during speculative execution. With these keys, the exploit uses Link 4 (CVE-2026-3104)—a heap overflow in the IOGPU driver—to overwrite kernel objects. This is the first time a commercial exploit has been observed reliably bypassing hardware-level PAC on the A19 architecture without user interaction.

Links 5 & 6: Secure Enclave Persistence

The final links (CVE-2026-3105 and CVE-2026-3106) target the Secure Enclave Processor (SEP) and the Always-On Processor (AOP). By exploiting a buffer overflow in the AOP's power management firmware, DarkSword achieves persistence that survives a full factory reset. It then moves into the SEP to extract iCloud Keychain secrets and private Signal keys, all while remaining invisible to Apple's Lockdown Mode.

Security Alert: Immediate Action Required

Apple has released iOS 26.5.1 to patch these vulnerabilities. All enterprise users should mandate the update immediately. GTIG notes that the DarkSword chain was active for 14 days before discovery and affected an estimated 1,200 devices globally.
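One way to act on that mandate is a fleet-wide check that flags every device still below the patched build. The script below is an added example, not code from the article or from GTIG; it assumes an MDM export already reduced to a list of device ids and reported OS strings, and the inventory it runs on is constructed.

```python
# Added example: flag devices that have not yet reached the patched iOS build
# named in the article (iOS 26.5.1). The inventory below is constructed sample data.
import re

MIN_PATCHED = (26, 5, 1)  # iOS 26.5.1, the release the article says closes the chain


def parse_ios_version(text):
    """Turn strings such as 'iOS 26.5.1', '26.5' or '26.10' into a comparable int tuple.

    Missing minor/patch components are treated as 0, so '26.5' sorts below '26.5.1'.
    Integer comparison also keeps '26.10' above '26.5.1', which a plain string compare would not.
    """
    match = re.search(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"unparseable iOS version: {text!r}")
    return tuple(int(part) if part else 0 for part in match.groups())


def is_patched(version_text, minimum=MIN_PATCHED):
    """True when the reported version is at or above the patched build."""
    return parse_ios_version(version_text) >= minimum


def find_unpatched(inventory, minimum=MIN_PATCHED):
    """Return the sorted ids of devices whose reported iOS version is below `minimum`."""
    return sorted(dev["id"] for dev in inventory if not is_patched(dev["os"], minimum))


# Constructed sample inventory; the "os" field mimics what an MDM export might report.
SAMPLE_INVENTORY = [
    {"id": "exec-phone-01", "os": "iOS 26.5.1"},   # patched
    {"id": "exec-phone-02", "os": "26.5"},         # one point release short
    {"id": "legal-ipad-03", "os": "iOS 26.4.2"},   # clearly behind
    {"id": "sales-phone-04", "os": "26.10"},       # later than 26.5.1 despite the smaller-looking number
]

if __name__ == "__main__":
    for device_id in find_unpatched(SAMPLE_INVENTORY):
        print(f"UPDATE REQUIRED: {device_id}")
```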

The AI-Weaponization Factor

The report warns that the discovery of these six zero-days was likely accelerated by LLM-assisted fuzzing. Commercial vendors are now using private clusters of H100/Rubin hardware to automatically identify complex logic flaws in closed-source firmware. This "automated weaponization" is shrinking the window between patch release and exploit discovery to near zero.

As we move toward Liquid Glass and more complex on-device AI, the attack surface of the iPhone is expanding faster than our ability to secure it. DarkSword is a wake-up call for the industry: hardware mitigations are a speed bump, not a wall.
