DarkSword Stage 4 XPC Injection into mediaplaybackd — The Hidden Bridge to the iOS Kernel

Executive Summary Stage 4 of DarkSword is the most architecturally clever piece of the entire chain — and the least discussed. While earlier stages (CVE-2025-31277/43529 for RCE, CVE-2026-20700 fo...

Mar 27, 2026 security

CVE-2025-14174 The ANGLE Graphics Bug That Let DarkSword Escape Safari's Sandbox

Executive Summary CVE-2025-14174 is an out-of-bounds write vulnerability in ANGLE (Almost Native Graphics Layer Engine) — the open-source graphics abstraction library used by WebKit/Safari, Google...

Mar 24, 2026 security

CVE-2026-20700 How DarkSword Defeated Apple's Hardware Security — The dyld PAC-TPRO Bypass

Executive Summary CVE-2026-20700 is a memory corruption vulnerability in dyld — Apple’s dynamic linker, the very first piece of code that executes when any iOS application launches. This flaw serv...

Mar 23, 2026 security

CVE-2025-43529 The Garbage Collector Race That Gave DarkSword Its Teeth

Executive Summary CVE-2025-43529 is a use-after-free (UAF) vulnerability in Apple’s JavaScriptCore — the JavaScript engine powering Safari and all browsers on iOS. Buried deep in the interaction b...

Mar 22, 2026 security

CVE-2025-31277 Inside the JavaScriptCore JIT Vulnerability That Opened iPhones to DarkSword

Executive Summary CVE-2025-31277 is a JIT type confusion / use-after-free memory corruption vulnerability in JavaScriptCore — the JavaScript engine that powers Apple’s Safari browser and WebKit ru...

Mar 21, 2026 security