CVE-2025-43510 & DarkSword: The Six-Stage iPhone Exploit Chain Used by Spies and Surveillance Vendors
Executive Summary
CVE-2025-43510 is a memory management vulnerability in the iOS XNU kernel, but understanding it in isolation misses the bigger picture. It is Stage 5 of six in the DarkSword exploit chain — a fully weaponized, JavaScript-based iOS exploit framework that achieves complete kernel compromise of iPhones with a single Safari visit.
DarkSword is not a hobbyist tool. It has been:
- Used by a Russian state-sponsored espionage group (UNC6353) targeting Ukraine
- Used by a Turkish commercial spyware vendor (PARS Defense) targeting users in Turkey and Malaysia
- Used by a threat cluster (UNC6748) targeting users in Saudi Arabia via a fake Snapchat site
- Active since at least November 2025 — months before public disclosure
- Targeting iPhones running iOS 18.4 through 18.7 (over 220 million potentially vulnerable devices at disclosure)
Once successful, DarkSword deploys GHOSTBLADE — a “hit-and-run” spyware implant that exfiltrates iMessages, photos, call history, browser data, cryptocurrency wallets, location history, and more — all within seconds, then cleans up to minimize forensic traces.
CISA added CVE-2025-43510 to its Known Exploited Vulnerabilities (KEV) catalog on March 20, 2026. Apple has released patches across all affected platforms.
CVE Summary
| Field | Detail |
|---|---|
| CVE ID | CVE-2025-43510 |
| Product | Apple iOS, iPadOS, macOS, watchOS, tvOS, visionOS |
| Component | XNU kernel (AppleM2ScalerCSCDriver) |
| Vulnerability Type | Improper Locking / Memory Management (CWE-667) |
| CVSS v3.1 Score | 8.6 (High) |
| Role in DarkSword | Stage 5 — Kernel arbitrary memory R/W primitive |
| Attack Vector | Local (requires prior sandbox escape) |
| Exploitation | Active — used by state actors and commercial spyware vendors |
| Active Since | November 2025 |
| CISA KEV Added | March 20, 2026 |
| Targeted iOS Versions | iOS 18.4 – 18.7 |
| Patched In | iOS 18.7.2, iOS 26.1 |
The DarkSword Exploit Chain: Full CVE List
DarkSword is a six-vulnerability chain — each stage dependent on the previous. All six CVEs are distinct, targeting different layers of iOS security:
| Stage | CVE | Component | Type | Purpose |
|---|---|---|---|---|
| 1 | CVE-2025-31277 | JavaScriptCore (DFG JIT) | Memory corruption | RCE via Safari (iOS < 18.6) |
| 1 | CVE-2025-43529 | JavaScriptCore (GC bug in DFG JIT) | Memory corruption | RCE via Safari (iOS 18.6–18.7) |
| 2 | CVE-2026-20700 | dyld (Dynamic Link Editor) | PAC/TPRO bypass | Bypass Pointer Authentication + Trusted Path |
| 3 | CVE-2025-14174 | ANGLE (graphics abstraction) | Out-of-bounds write | Sandbox escape: WebContent → GPU process |
| 4 | (Injection) | mediaplaybackd daemon | XPC injection | Pivot from GPU to system daemon |
| 5 | CVE-2025-43510 | XNU kernel (AppleM2ScalerCSCDriver) | Improper locking / copy-on-write bug | Arbitrary kernel memory R/W |
| 6 | CVE-2025-43520 | iOS kernel | Memory corruption | Full kernel privilege escalation → root |
Note: Stage 1 has two variants — CVE-2025-31277 for older iOS, CVE-2025-43529 for newer iOS — making the chain adaptive to the target’s iOS version.
iOS Security Architecture: What DarkSword Had to Break Through
To appreciate the sophistication of DarkSword, we must understand iOS’s layered security model:
```
┌────────────────────────────────────────────────────────────────────────┐
│ USER APPS                                                              │
│ (Sandboxed, restricted entitlements)                                   │
└────────────────────────────────────┬───────────────────────────────────┘
                                     │ App Sandbox boundary
┌────────────────────────────────────▼───────────────────────────────────┐
│ WEBKIT / SAFARI                                                        │
│   WebContent Process                   ← sandboxed renderer            │
│   GPU Process                          ← separate, low-privilege       │
│   JavaScriptCore JIT                   ← compiles JS to native code    │
│   PAC (Pointer Authentication Codes)   ← hardware-level                │
└────────────────────────────────────┬───────────────────────────────────┘
                                     │ Process sandbox boundary
┌────────────────────────────────────▼───────────────────────────────────┐
│ SYSTEM DAEMONS                                                         │
│   mediaplaybackd, imagent, etc.                                        │
│   Higher privileges, XPC communication                                 │
└────────────────────────────────────┬───────────────────────────────────┘
                                     │ Kernel boundary
┌────────────────────────────────────▼───────────────────────────────────┐
│ XNU KERNEL                                                             │
│   Hardware drivers (AppleM2ScalerCSCDriver, etc.)                      │
│   Memory management, process isolation                                 │
│   PAC enforcement, TPRO (Trusted Path Read-Only)                       │
└────────────────────────────────────────────────────────────────────────┘
```
DarkSword broke through every single layer — six distinct security boundaries, each requiring its own exploit.
Technical Deep Dive: Stage by Stage
Stage 1: Remote Code Execution — JavaScriptCore JIT
Entry vector: User visits a malicious website in Safari.
The attack begins entirely in JavaScript. The webpage (or a hidden iframe) loads DarkSword’s JavaScript payload. It targets the JIT (Just-In-Time) compiler in JavaScriptCore — the engine that compiles JavaScript to native machine code for performance.
CVE-2025-31277 (iOS < 18.6): A memory corruption bug in the DFG (Data Flow Graph) JIT layer — a classic use-after-free or type confusion class vulnerability that corrupts the JIT-compiled code’s memory layout.
CVE-2025-43529 (iOS 18.6–18.7): A garbage collection bug in the same DFG JIT layer — triggers when the GC incorrectly frees an object still referenced by JIT-compiled code.
Both variants achieve the same outcome:
```
Malicious JavaScript → JIT compiles to native code → Memory corruption triggered
    → Arbitrary memory read/write primitive in WebContent process
    → Remote Code Execution within Safari's WebContent sandbox
```
Stage 2: PAC & TPRO Bypass — dyld
CVE-2026-20700 targets dyld — Apple’s Dynamic Link Editor, the runtime linker.
Modern iOS uses PAC (Pointer Authentication Codes) — ARM hardware features that cryptographically sign pointers, preventing attackers from forging code pointers (return addresses, function pointers). TPRO (Trusted Path Read-Only) enforces that trusted code paths cannot be modified.
CVE-2026-20700 is a bug in how dyld handles certain pointer validation operations, allowing these protections to be bypassed:
```
Without bypass:       Attacker can read/write memory but cannot
                      control code execution (PAC blocks forged pointers)

With CVE-2026-20700:  Attacker can bypass PAC signing/verification
                      → Forged function pointers become valid
                      → Arbitrary code execution unlocked
```
Stage 3: Sandbox Escape — WebContent to GPU Process
CVE-2025-14174 — an out-of-bounds write in ANGLE (Almost Native Graphics Layer Engine), the cross-platform OpenGL ES abstraction layer used by WebKit for GPU-accelerated rendering.
Safari’s WebContent process is heavily sandboxed — it cannot directly access most system resources. But the GPU process runs with slightly higher privileges. By exploiting the OOB write in ANGLE combined with the PAC bypass:
```
WebContent process (sandboxed renderer)
    → Exploits ANGLE OOB write in GPU-facing code
    → Combined with PAC bypass from Stage 2
    → Injects code into GPU process
    → Escapes WebContent sandbox
```
Stage 4: Pivot — GPU Process to mediaplaybackd
From the GPU process, DarkSword leverages XPC (inter-process communication) interfaces exposed by mediaplaybackd, a system daemon responsible for media playback.
By injecting malicious XPC messages crafted to exploit the daemon’s trust model:
```
GPU process → XPC message injection → Code execution in mediaplaybackd
                                      (higher-privileged system daemon)
```
Stage 5: Kernel Memory R/W — CVE-2025-43510
This is where CVE-2025-43510 comes in.
The vulnerability is a copy-on-write (COW) bug in the AppleM2ScalerCSCDriver kernel driver — a component related to the Apple Silicon (M2) scaler hardware. The bug is an improper locking issue: the kernel fails to properly lock shared memory regions during certain operations, so a process can still modify a region that should already be read-only by the time another process reads it.
From within mediaplaybackd, the exploit uses exposed XPC interfaces to interact with the driver:
```
mediaplaybackd
    → Calls AppleM2ScalerCSCDriver via XPC
    → Triggers CVE-2025-43510 race condition
    → Shared memory region not properly locked during COW operation
    → mediaplaybackd can write to kernel-mapped memory
    → Arbitrary kernel memory read/write primitive achieved
```
With arbitrary kernel R/W, the attacker can:
- Read kernel structures (credentials, task ports, memory maps)
- Modify kernel data to elevate privileges
Stage 6: Kernel Privilege Escalation — CVE-2025-43520
Building on the arbitrary R/W primitive from Stage 5, CVE-2025-43520 is a kernel memory corruption vulnerability that, when exploited with the existing R/W primitive, achieves full kernel privilege escalation:
```
Arbitrary kernel memory R/W (from CVE-2025-43510)
    → Corrupt kernel credentials structure
    → Elevate effective UID to 0 (root)
    → Disable sandbox enforcement
    → Full kernel privileges
    → Platform Application entitlements
    → Access to ALL app data, system files, hardware
```
Full Exploit Flow Diagram
```
[User visits malicious website in Safari]
        │
        │ Malicious iframe loads DarkSword JavaScript
        ▼
[Stage 1: JIT RCE — CVE-2025-31277 or CVE-2025-43529]
    JavaScriptCore DFG JIT memory corruption
    → Arbitrary R/W in WebContent process
        │
        ▼
[Stage 2: PAC/TPRO Bypass — CVE-2026-20700]
    dyld pointer authentication bypass
    → Arbitrary code execution in WebContent
        │
        ▼
[Stage 3: Sandbox Escape — CVE-2025-14174]
    ANGLE OOB write + PAC bypass
    → Code execution in GPU process
        │
        ▼
[Stage 4: Daemon Pivot]
    XPC injection into mediaplaybackd
    → Higher-privilege system daemon access
        │
        ▼
[Stage 5: Kernel R/W — CVE-2025-43510]
    AppleM2ScalerCSCDriver COW race condition
    → Arbitrary kernel memory read/write
        │
        ▼
[Stage 6: Kernel Privilege Escalation — CVE-2025-43520]
    Kernel credential corruption
    → Full root / kernel privileges
        │
        ▼
[GHOSTBLADE IMPLANT DEPLOYED]
    → Rapid data exfiltration (seconds to minutes)
    → Cleanup and self-deletion
    → No persistent traces left
```
GHOSTBLADE: The Spyware Payload
Once kernel compromise is achieved, DarkSword deploys GHOSTBLADE — a sophisticated hit-and-run spyware implant.
Design philosophy — “hit and run”: GHOSTBLADE is designed for rapid, low-footprint exfiltration rather than persistent access. It:
- Deploys an orchestrator with multiple data-collection modules
- Collects all target data as fast as possible
- Exfiltrates to attacker C2
- Self-deletes and cleans up forensic artifacts
- Leaves minimal traces on the device
Data exfiltrated by GHOSTBLADE:
```
Communications:
  ├── iMessages (full history)
  ├── SMS messages
  ├── WhatsApp messages
  ├── Telegram messages
  └── Call history (incoming, outgoing, missed)

Personal Data:
  ├── Photos and videos
  ├── Contacts
  ├── Calendar entries
  ├── Apple Health data
  └── Notes

Credentials & Accounts:
  ├── Saved Safari passwords
  ├── Browser cookies and history
  ├── Wi-Fi network names and passwords
  └── iCloud account contents

Financial:
  └── Cryptocurrency wallet data

Device Intelligence:
  ├── Installed applications list
  ├── Location history
  ├── SIM card information
  └── Connected account information
```
The combination of kernel-level access and rapid exfiltration makes GHOSTBLADE one of the most capable iOS spyware payloads documented in the wild.
Threat Actors & Attribution
UNC6353 — Russian State-Sponsored Espionage
- Classification: State-sponsored, suspected Russian intelligence affiliation
- Target: Ukraine
- Method: DarkSword delivered via compromised news websites popular with Ukrainian users
- Objective: Intelligence collection — military, government, civil society targets
- Connection: Also linked to the Coruna exploit kit — suggesting a shared developer or broker relationship
UNC6748 — Unknown, Targeting Gulf Region
- Classification: Threat cluster, attribution unclear
- Target: Saudi Arabia
- Method: Fake Snapchat-themed website — social engineering lure targeting young users
- Objective: Unclear — possibly intelligence or criminal
PARS Defense — Turkish Commercial Spyware Vendor
- Classification: Commercial surveillance vendor (CSV)
- Target: Turkey, Malaysia
- Method: Targeted delivery to specific individuals
- Objective: Sold as surveillance-as-a-service — customers include law enforcement and government agencies
- Significance: Part of a growing ecosystem of commercial spyware vendors (alongside NSO Group/Pegasus, Intellexa/Predator) weaponizing iOS zero-days
The broader spyware supply chain:
```
Zero-day discovered
        ↓
Sold to spyware vendor (PARS Defense, NSO Group, Intellexa, etc.)
        ↓
Weaponized into exploit kit (DarkSword, Pegasus, Predator)
        ↓
Licensed to government customers
        ↓
Deployed against journalists, activists, dissidents, competitors
```
Google’s Threat Intelligence team noted that DarkSword’s exploits showed similarities to techniques previously associated with Intellexa and NSO Group — suggesting shared exploit development or an active zero-day brokerage market where the same bugs are sold to multiple buyers.
Detection & Forensics
iOS Device Indicators
DarkSword is specifically designed to minimize forensic traces. Detection is challenging but not impossible:
iVerify and similar mobile threat detection:
- Behavioral anomalies in background process activity
- Unusual network connections from system daemons
- Memory pattern anomalies consistent with kernel exploitation
Apple Diagnostics:
```
Settings → Privacy & Security → Analytics & Improvements → Analytics Data
```
Look for:
- Crash logs from WebContent, GPU process, mediaplaybackd around suspicious Safari activity
- Unusual sysdiagnose entries for AppleM2ScalerCSCDriver
- Unexpected process termination events
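A defender-side script for the Analytics Data check above, added here as an example (not from the original post, Google or iVerify): it reads the JSON header line that begins each .ips crash log and flags a WebContent crash followed within minutes by a GPU crash and a mediaplaybackd crash, the three process boundaries Stages 1, 3 and 4 cross. The header field names, the app names and the ten-minute window are assumptions; the sample headers are constructed.

```python
import json
from datetime import datetime, timedelta

# Order in which DarkSword crosses process boundaries (Stages 1, 3 and 4);
# a failed or noisy attempt can leave a crash log at each hop.
CHAIN_ORDER = ["WebContent", "GPU", "mediaplaybackd"]
WINDOW = timedelta(minutes=10)   # assumption: an attempt completes within minutes

# Constructed sample. Each string mimics the JSON header line that begins an
# .ips crash log under Analytics Data; the field names are assumed, so check
# them against a real file before relying on this.
SAMPLE_IPS_HEADERS = [
    '{"app_name":"WebContent","timestamp":"2026-03-15 10:15:22.00 +0000","bug_type":"309"}',
    '{"app_name":"GPU","timestamp":"2026-03-15 10:15:25.00 +0000","bug_type":"309"}',
    '{"app_name":"mediaplaybackd","timestamp":"2026-03-15 10:15:31.00 +0000","bug_type":"309"}',
    '{"app_name":"WebContent","timestamp":"2026-03-16 08:02:10.00 +0000","bug_type":"309"}',
    '{"app_name":"Photos","timestamp":"2026-03-16 09:00:00.00 +0000","bug_type":"309"}',
]


def parse_header(line):
    """Return (app_name, timezone-aware datetime) from one .ips header line."""
    header = json.loads(line)
    ts = datetime.strptime(header["timestamp"], "%Y-%m-%d %H:%M:%S.%f %z")
    return header["app_name"], ts


def find_chain_clusters(header_lines, window=WINDOW):
    """Return one tuple of timestamps for every WebContent crash that is
    followed, in chain order and within `window`, by a GPU crash and then a
    mediaplaybackd crash. A lone WebContent crash is ordinary and not flagged."""
    events = sorted((parse_header(l) for l in header_lines), key=lambda e: e[1])
    clusters = []
    for i, (name, start) in enumerate(events):
        if name != CHAIN_ORDER[0]:
            continue
        hops, want = [start], 1
        for later_name, later_ts in events[i + 1:]:
            if later_ts - start > window:
                break                      # outside the window: stop looking
            if later_name == CHAIN_ORDER[want]:
                hops.append(later_ts)
                want += 1
                if want == len(CHAIN_ORDER):
                    clusters.append(tuple(hops))
                    break
    return clusters


if __name__ == "__main__":
    for cluster in find_chain_clusters(SAMPLE_IPS_HEADERS):
        print("possible chain attempt:", " -> ".join(t.isoformat() for t in cluster))
```

A hit is a reason to pull the full .ips files and a sysdiagnose, not proof of compromise; a successful DarkSword run may leave no crash at all.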
Network-Level Detection:
- Unusual outbound connections from iPhone immediately after Safari session
- HTTPS connections to newly registered domains from known victim devices
- DNS queries to infrastructure matching known DarkSword C2 patterns
Lockdown Mode: Enabling Lockdown Mode on iOS significantly raises the bar for browser-based exploit chains:
- Restricts JIT compilation in Safari (blocks Stage 1 directly)
- Limits message attachments and link previews
- Blocks certain XPC features
YARA Rule (Network Traffic — DarkSword Stage 2 Beacon)
```yara
rule DarkSword_HTTP_Confirmation_Beacon {
    meta:
        description = "Detects DarkSword-style HTTP PUT beacon patterns"
        author = "Security Research"
        date = "2026-03-21"
    strings:
        $ua = "Mozilla/5.0" ascii                  // generic browser User-Agent prefix
        $put = "PUT" ascii                         // HTTP method used by the beacon
        $path = /\/[a-f0-9]{32}\/confirm/ ascii    // request path: /<32 hex chars>/confirm
    condition:
        $ua and $put and $path
}
```
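The same beacon signature applied to a web proxy log, combined with the newly-registered-domain check from the Network-Level Detection list above, as an added Python example (not from the original post or the research it cites): the log lines, the domain registration dates standing in for a WHOIS lookup, the reference date and the 30-day threshold are all constructed.

```python
import re
from datetime import date

# Signature from the YARA rule above: HTTP PUT to /<32 hex chars>/confirm.
BEACON_PATH = re.compile(r"^/[a-f0-9]{32}/confirm$")
NEW_DOMAIN_DAYS = 30                 # assumption: "newly registered" = under 30 days
TODAY = date(2026, 3, 15)            # constructed reference date for the sample

# Constructed proxy log: timestamp client method host path status
SAMPLE_PROXY_LOG = """\
2026-03-15T10:15:40Z 10.0.0.12 GET cdn.example-news.invalid /index.js 200
2026-03-15T10:15:44Z 10.0.0.12 PUT api.fresh-domain.invalid /3f2a9c1e7b4d6058a1c2e3f4b5a69708/confirm 200
2026-03-15T10:15:50Z 10.0.0.12 PUT api.fresh-domain.invalid /upload 200
2026-03-15T11:02:03Z 10.0.0.12 PUT legit-backup.invalid /c0ffee0123456789abcdef0123456789/confirm 200
"""

# Constructed registration dates; in production this comes from WHOIS / RDAP
# or passive DNS first-seen data.
DOMAIN_REGISTERED = {
    "cdn.example-news.invalid": date(2019, 4, 2),
    "api.fresh-domain.invalid": date(2026, 3, 1),
    "legit-backup.invalid": date(2021, 8, 15),
}


def domain_age_days(host, today=TODAY):
    """Days since registration, or None when the domain is unknown."""
    registered = DOMAIN_REGISTERED.get(host)
    return None if registered is None else (today - registered).days


def scan_proxy_log(log_text, today=TODAY):
    """Return (line_number, reason) for each indicator found: the PUT beacon
    path signature, and any request to a domain younger than NEW_DOMAIN_DAYS.
    A line can yield both reasons; two reasons on one host is the strong case."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        _ts, _client, method, host, path, _status = line.split()
        if method == "PUT" and BEACON_PATH.match(path):
            hits.append((n, "beacon-path"))
        age = domain_age_days(host, today)
        if age is not None and age < NEW_DOMAIN_DAYS:
            hits.append((n, "new-domain"))
    return hits


if __name__ == "__main__":
    for line_no, reason in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"line {line_no}: {reason}")
```

Line 4 of the sample shows why the path signature alone is weak evidence: a long-registered domain matches it too, so corroborate with domain age and the client's Safari activity before escalating.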
Mitigation & Remediation
Update Immediately
| Platform | Minimum Safe Version |
|---|---|
| iPhone / iPad | iOS/iPadOS 18.7.2 or iOS 26.1+ |
| Mac | macOS Sonoma 14.8.2 / Sequoia 15.7.2 / Tahoe 26.1 |
| Apple Watch | watchOS 26.1 |
| Apple TV | tvOS 26.1 |
| Apple Vision Pro | visionOS 26.1 |
Apple also released a patch on March 11, 2026 extending protection to iOS 15 and iOS 16 devices. Users on those versions should also update.
Enable Lockdown Mode (High-Risk Users)
For journalists, activists, government officials, executives, and anyone else likely to be singled out for targeted surveillance:
```
Settings → Privacy & Security → Lockdown Mode → Turn On Lockdown Mode
```
Lockdown Mode blocks the browser JIT exploitation that initiates DarkSword (Stage 1).
Additional Controls
- Avoid visiting unknown/untrusted websites on iPhone — especially sent via SMS or messaging apps
- Use Private Browsing mode where possible (different memory layout, slightly harder to exploit)
- Keep "Check for Updates" enabled (automatic) — Settings → General → Software Update
- Enable iVerify or similar mobile threat detection for high-risk individuals
- For enterprises: deploy Mobile Device Management (MDM) with minimum OS version enforcement
MITRE ATT&CK Mapping (DarkSword / GHOSTBLADE)
| Tactic | Technique | ID |
|---|---|---|
| Initial Access | Drive-by Compromise | T1189 |
| Execution | Exploitation for Client Execution | T1203 |
| Privilege Escalation | Exploitation for Privilege Escalation | T1068 |
| Defense Evasion | Indicator Removal: File Deletion | T1070.004 |
| Defense Evasion | Rootkit (Kernel-level) | T1014 |
| Credential Access | Credentials from Password Stores | T1555 |
| Credential Access | Steal Web Session Cookie | T1539 |
| Collection | Data from Local System | T1005 |
| Collection | Screen Capture | T1113 |
| Collection | Audio Capture | T1123 |
| Collection | Email Collection | T1114 |
| Exfiltration | Exfiltration Over C2 Channel | T1041 |
| Exfiltration | Automated Exfiltration | T1020 |
Conclusion
CVE-2025-43510 by itself is a high-severity kernel bug. Within the DarkSword chain, it is the critical pivot point that transforms a sandbox escape into full kernel compromise. The chain as a whole represents the current ceiling of iOS offensive capability — six distinct zero-days, each targeting a different security boundary, all chained seamlessly in JavaScript.
What makes DarkSword particularly alarming is its proliferation: multiple unrelated threat actors across different geographies — a Russian espionage group, a Turkish surveillance vendor, an unknown Gulf-region threat cluster — were all using the same exploit kit. This suggests an active and well-organized zero-day market where nation-state-level tools are being commoditized.
The lesson for every iPhone user: iOS security is only as strong as the current patch level. Update immediately, enable automatic updates, and if you’re a high-risk target — enable Lockdown Mode today.
References
- Google Threat Intelligence — DarkSword iOS Exploit Chain
- NVD — CVE-2025-43510
- CISA KEV — March 20, 2026 Addition
- The Hacker News — DarkSword iOS Exploit Kit Uses 6 Flaws
- Security Week — DarkSword Used by State Hackers and Spyware Vendors
- Malwarebytes — A DarkSword Hangs Over Unpatched iPhones
- iVerify — DarkSword Explained
- Security Affairs — DarkSword Emerges
- Tom’s Guide — 220 Million iPhones Under Attack
- The Register — DarkSword Exploit Kit Steals iPhone Data
This post is intended for security researchers, mobile security professionals, and high-risk individuals. Technical analysis is based on publicly disclosed research from Google Threat Intelligence and iVerify.