CVE-2025-14174 The ANGLE Graphics Bug That Let DarkSword Escape Safari's Sandbox

Executive Summary CVE-2025-14174 is an out-of-bounds write vulnerability in ANGLE (Almost Native Graphics Layer Engine) — the open-source graphics abstraction library used by WebKit/Safari, Google...

Mar 24, 2026 security

CVE-2026-20700 How DarkSword Defeated Apple's Hardware Security — The dyld PAC-TPRO Bypass

Executive Summary CVE-2026-20700 is a memory corruption vulnerability in dyld — Apple’s dynamic linker, the very first piece of code that executes when any iOS application launches. This flaw serv...

Mar 23, 2026 security

CVE-2025-43529 The Garbage Collector Race That Gave DarkSword Its Teeth

Executive Summary CVE-2025-43529 is a use-after-free (UAF) vulnerability in Apple’s JavaScriptCore — the JavaScript engine powering Safari and all browsers on iOS. Buried deep in the interaction b...

Mar 22, 2026 security

CVE-2025-31277 Inside the JavaScriptCore JIT Vulnerability That Opened iPhones to DarkSword

Executive Summary CVE-2025-31277 is a JIT type confusion / use-after-free memory corruption vulnerability in JavaScriptCore — the JavaScript engine that powers Apple’s Safari browser and WebKit ru...

Mar 21, 2026 security

DarkSword The Six-Stage iOS Exploit Kit Used by States, Spies, and Surveillance Vendors

Executive Summary DarkSword is the most sophisticated publicly documented iOS exploit kit to date — a fully weaponized, JavaScript-based full-chain exploit framework that compromises any iPhone ru...