An urgent warning has been issued about three important Apple flaws that hackers are actively exploiting. These security flaws, tracked as CVE-2025-31277, CVE-2025-43510, and CVE-2025-43520, were added to CISA’s list of Known Exploited Vulnerabilities (KEV).
Security experts have connected this group of three flaws to the advanced DarkSword iOS attack method. Hackers chain them together to take control of many Apple devices.
The DarkSword Exploit Mechanism
The DarkSword campaign chains these three different weaknesses to take over the entire system. The attack starts with CVE-2025-31277, a major buffer overflow problem that impacts several Apple operating systems.
This flaw is triggered when the target’s device processes maliciously crafted web content, causing immediate memory corruption within the web processing engine. This first step gives attackers the chance to run arbitrary code on the victim’s device with little user interaction.
Once access is gained, the exploit uses CVE-2025-43510 to get around internal security limits. This flaw comes from not checking the lock state correctly. It can corrupt memory, allowing a malicious app to make unexpected changes to memory used by different processes.
By taking advantage of this weakness, attackers can change shared memory to gain higher access and prepare the system to run the final payload.
The exploit chain culminates with the exploitation of CVE-2025-43520. This critical memory corruption issue affects the core of the operating system. Exploiting this local flaw lets a malicious app write directly to kernel memory or make the system crash unexpectedly.
By getting write access at the kernel level, attackers take full control of the compromised device, bypassing Apple’s built-in protections and allowing ongoing spying or data theft.
The scope of this vulnerability chain is exceptionally broad, affecting nearly the entire modern Apple ecosystem.
Because the underlying vulnerable components handle web content processing and fundamental kernel operations across different platforms, the threat extends far beyond just mobile phones.
The list of affected products includes Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS.
Mitigations:
To mitigate the issue, CISA requires federal agencies and strongly urges private companies to act quickly. System admins need to apply the latest fixes and security updates from Apple, which are iOS 18.7.2, macOS Sequoia 15.7.2, and watchOS 26.1.
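One way to check a device inventory against the fixed releases listed above, as an added example that is not from CISA or Apple. The inventory rows, hostnames and the `triage`/`summarize` helpers are constructed for illustration. Devices on a platform or major branch for which this article names no fixed version are marked for manual review rather than guessed at.

```python
# Added example: patch triage against the fixed releases named in this article.
# Fixed versions come from the article; inventory rows are constructed samples.
FIXED = {
    "iOS": (18, 7, 2),
    "macOS": (15, 7, 2),
    "watchOS": (26, 1, 0),
}


def parse_version(text):
    """Turn '18.7.2' into (18, 7, 2), padded to three fields."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))


def triage(platform, version_text):
    """Return 'patched', 'vulnerable' or 'review' for one device."""
    fixed = FIXED.get(platform)
    if fixed is None:
        return "review"  # affected platform with no fixed version in the article
    try:
        version = parse_version(version_text)
    except ValueError:
        return "review"
    if version[0] != fixed[0]:
        return "review"  # other major branch: the article names no fixed build for it
    return "patched" if version >= fixed else "vulnerable"


def summarize(inventory):
    """Group hostnames by triage result."""
    groups = {"patched": [], "vulnerable": [], "review": []}
    for host, platform, version in inventory:
        groups[triage(platform, version)].append(host)
    return groups


# Constructed sample inventory: (hostname, platform, reported OS version).
INVENTORY = [
    ("iphone-01", "iOS", "18.7.2"),
    ("iphone-02", "iOS", "18.6"),
    ("iphone-03", "iOS", "26.0"),
    ("mac-01", "macOS", "15.7.1"),
    ("watch-01", "watchOS", "26.1"),
    ("tv-01", "tvOS", "18.6"),
]

if __name__ == "__main__":
    for status, hosts in summarize(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```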
InfoSecBulletin Cybersecurity for mankind
