CVE-2025-43520 The XNU Kernel Buffer Overflow That Gave DarkSword ROOT

Executive Summary CVE-2025-43520 is the sixth and final vulnerability in the DarkSword exploit chain — a classic buffer overflow in the XNU kernel (CWE-120) that, when exploited using the kernel a...

Apr 4, 2026 security, darksword

CVE-2025-43510 The Kernel COW Race That Gave DarkSword Its First Glimpse Into the XNU Kernel

Executive Summary CVE-2025-43510 is a kernel memory corruption vulnerability in the AppleM2ScalerCSCDriver — a hardware kernel driver handling color space conversion and scaling on Apple Silicon d...

Apr 3, 2026 security, darksword

DarkSword Stage 4 XPC Injection into mediaplaybackd — The Hidden Bridge to the iOS Kernel

Executive Summary Stage 4 of DarkSword is the most architecturally clever piece of the entire chain — and the least discussed. While earlier stages (CVE-2025-31277/43529 for RCE, CVE-2026-20700 fo...

Mar 27, 2026 security, darksword

CVE-2025-14174 The ANGLE Graphics Bug That Let DarkSword Escape Safari's Sandbox

Executive Summary CVE-2025-14174 is an out-of-bounds write vulnerability in ANGLE (Almost Native Graphics Layer Engine) — the open-source graphics abstraction library used by WebKit/Safari, Google...

Mar 24, 2026 security, darksword

CVE-2026-20700 How DarkSword Defeated Apple's Hardware Security — The dyld PAC-TPRO Bypass

Executive Summary CVE-2026-20700 is a memory corruption vulnerability in dyld — Apple’s dynamic linker, the very first piece of code that executes when any iOS application launches. This flaw serv...

Mar 23, 2026 security, darksword