
iPhones Are Hackable? Threat Wire
AI Summary
This week's cybersecurity news roundup covers significant developments in mobile security and AI integration.
Apple is facing scrutiny for security vulnerabilities in its iOS ecosystem, with two new exploit kits, Coruna and DarkSword, being discovered. Coruna, identified in early March 2026, targeted iPhones running iOS versions 13.0 through 17.2.1, utilizing five exploit chains and 23 exploits. It operates by luring users to malicious websites where a hidden iframe delivers the exploit kit. Coruna's strength lies in its comprehensive collection of iOS exploits, including advanced, non-public techniques and mitigation bypasses. The kit begins by fingerprinting the device, then uses a WebKit RCE exploit followed by a pointer authentication code (PAC) bypass. Once successful, it injects a loader into a root-level daemon to steal financial information and user credentials. Apple released a patch for Coruna, but researchers at Lookout, in collaboration with Google and iVerify, discovered DarkSword shortly after.
DarkSword, announced on March 18th, targets iOS versions 18.4 through 18.7. This exploit kit requires minimal, and sometimes zero, user interaction to deploy, granting full access to the target device. DarkSword quickly collects targeted information and then cleans up after itself. Written in JavaScript, it is a complete exploit chain and info stealer that exploits multiple vulnerabilities to achieve privileged code execution. Its kill chain starts with Safari encountering a malicious iframe on a website. DarkSword then breaks out of the web content sandbox, uses WebGPU to inject into mediaplaybackd, and gains kernel read/write access. This allows it to modify sandbox restrictions and access restricted file system areas. A key connection between Coruna and DarkSword is their hosting on the same servers, suggesting they are deployed by the same threat actor. Apple has issued advisories recommending users update to the latest supported iOS versions (15 through 26). For devices unable to upgrade, using Lockdown Mode is advised to reduce the attack surface.
In contrast, Android is adjusting its approach to app sideloading. After initially announcing a plan to block sideloading of unverified apps, Google has reversed course in response to community feedback from power users who prefer the flexibility to take educated risks. To address security concerns, Android is introducing an "advanced flow" for sideloading. This one-time process guides less experienced users away from malicious app downloads. It involves enabling developer mode, confirming the user isn't being coached to download an app, and a mandatory phone restart followed by a delay period. This delay aims to prevent scammers from exploiting urgency and allows users time to verify any claims that might pressure them into installing malware. This feature is rolling out now and is present in Android versions as early as 16.1, released in late 2025. The Android ecosystem president stated that the 24-hour delay makes it much harder for attackers to persist their attacks, giving users time to realize that a loved one isn't in danger or that their bank account isn't under attack.
Other cybersecurity news includes a hack on a breathalyzer measurement company, which caused their car-locking breathalyzer hardware to fail, locking thousands of drivers out of their vehicles. Additionally, the co-founder of Super Micro was arrested for attempting to smuggle $2.5 billion worth of GPUs into China and has since resigned from the company.
The discussion also touched on the use of AI in software development. User feedback suggests AI tools are beneficial for small, tedious tasks and for generating code snippets or providing hints for things developers might have forgotten. However, the consensus is that AI should not be used to write entire applications, and developers must still validate all code line by line. AI is seen as a tool to enhance understanding and accelerate learning by quickly explaining concepts, rather than replacing the engineer. The idea that AI will replace engineers is being challenged as companies see a decline in product quality when engineers rely too heavily on AI.
The episode concludes with a call to action for viewers to like, comment, and subscribe to the channel, as they are close to reaching one million subscribers. The host also reiterates a request for content ideas.