One Click, Zero Chance: How a Webpage Can Hijack Your Phone Without You Noticing

You tap a link. The page loads. Nothing unusual appears on screen. The website might show a news article, a login form, or a white page that redirects somewhere else within a second. In the fraction of time between your browser requesting that page and the content rendering on screen, a sequence of code executions has already begun. By the time you scroll down or tap the back button, the attacker has full control of your device. You never downloaded anything. You never approved a permission. You never made a mistake.

This is what DarkSword does. First discovered by security researchers in late 2025, the exploit kit was used by state-backed threat actors for months before its code was leaked on GitHub on March 23, 2026, making it accessible to anyone. It targets iPhones running iOS versions 18.4 through 18.7, chaining six separate vulnerabilities to achieve full device compromise through a single webpage visit.

But how does a webpage take over a phone? What actually happens in those milliseconds? To answer that, we need to follow the attack through each layer of iOS security it breaks - from the browser engine to the kernel itself.

What Does a Browser-Based Exploit Actually Mean?

Most people carry a mental model of hacking that involves some kind of mistake by the victim. You downloaded a suspicious file. You entered your password on a fake website. You installed an app from an untrusted source. The assumption is that careful behavior protects you.

DarkSword discards that assumption almost entirely. The victim does nothing suspicious - they visit a webpage, something every smartphone user does hundreds of times per day. No download dialog appears. No permission request pops up. The exploit runs in the rendering engine itself, in the code that interprets the webpage before you ever see it. Security researchers classify DarkSword as a one-click exploit: the single action of visiting a compromised page is sufficient.

This is not a new category of attack. NSO Group's Pegasus achieved truly zero-click compromise through iMessage - sending a specially crafted message that exploited a flaw in how iOS parsed image files, requiring no user action at all. The FORCEDENTRY exploit, documented by Citizen Lab in September 2021, used PDF data disguised as GIF files to exploit an integer overflow in Apple's CoreGraphics library, also through iMessage. What distinguishes DarkSword is its attack vector. It operates through WebKit, the engine that powers Safari and every other browser on iOS. Any link, from any source - a text message, an email, a social media post, a QR code on a restaurant table - can be the entry point.

The distinction between one-click and zero-click is not academic. A zero-click exploit like FORCEDENTRY required no user interaction at all - not even opening a message. DarkSword requires the victim to visit a webpage, which creates a narrow window where delivery depends on social engineering or watering-hole attacks on legitimate websites. But in practice, that window is wide open: people click links constantly, and the compromised websites that delivered DarkSword in the wild included ordinary news sites and service portals.

The Front Door: WebKit and the First Vulnerability

Every webpage your iPhone displays passes through WebKit. This is largely not a choice Apple gives you. iOS requires all browsers to use WebKit as their rendering engine - a rule Apple has relaxed only in the European Union since March 2024, under pressure from the Digital Markets Act. Everywhere else, Chrome, Firefox, Brave, and every other browser on your iPhone are WebKit underneath. There is effectively one front door, and every app that displays web content walks through it.

WebKit's job is inherently dangerous. It must take code written by strangers on the internet - JavaScript, HTML, CSS, images, fonts, video - and execute it on your device. It does this billions of times per day across all iPhones worldwide. The code it processes is untrusted by definition. WebKit must interpret it correctly, render it visually, and prevent it from accessing anything beyond the boundaries Apple has defined.

DarkSword's first exploit targets a memory corruption vulnerability in JavaScriptCore, the component of WebKit that executes JavaScript. Memory corruption means the attacker's code writes data into memory locations reserved for the engine's own instructions. Think of it as relabeling the drawers in a filing cabinet: the system reaches for what it expects to be a routine instruction and instead pulls out the attacker's code. The processor does not know the difference. It executes whatever it finds.

This first exploit achieves what security researchers call arbitrary code execution within the WebKit process. The attacker can now run their own instructions on your phone. But they are still inside a cage.

Why One Vulnerability Is Not Enough

iOS does not trust WebKit. It does not trust any single process. Every app, every browser tab, every system service runs inside a sandbox - an isolated container that strictly limits what that process can see and do. A sandboxed WebKit process can render a webpage and display it on screen. It cannot read your messages. It cannot access your photos. It cannot activate your microphone. The sandbox walls are enforced by the kernel, the lowest and most privileged layer of the operating system.

This is why exploit "chains" exist. A single vulnerability gives you control of one sandboxed process. To compromise the actual device, you need to break through each security boundary separately. Each break requires its own exploit, targeting a different component with a different type of flaw. The chain is only as strong as its weakest link, but building one requires finding and combining multiple independent vulnerabilities.

DarkSword chains six distinct vulnerabilities across five stages: initial code execution in Safari's JavaScriptCore, a bypass of Apple's Pointer Authentication protections, a sandbox escape through the GPU process, privilege escalation through a media playback daemon, and finally kernel exploitation. Three of the six vulnerabilities were previously unknown zero-days. Each step is a separate technical achievement. Chaining them into a reliable, automated sequence that works across multiple iPhone models and iOS versions is what makes a toolkit like DarkSword worth millions on the commercial market - and what makes its public leak on GitHub so consequential.

The Sandbox Escape

The sandbox creates a problem for the attacker: the code running inside WebKit can do almost nothing useful to them. It processes web content, and that is all. To reach the rest of the device, the attacker must exploit the narrow channels Apple intentionally leaves open for legitimate communication between processes.

iOS uses a framework called XPC to let sandboxed processes talk to system services. WebKit needs to communicate with other parts of the OS for ordinary tasks: requesting an image to be decoded, asking a system service to handle a file download, querying font information. These communication channels are tightly controlled, but they exist. Each one is a potential avenue of escape.

DarkSword's sandbox escape targets the GPU process and a media playback daemon that run with higher privileges than the sandboxed WebKit process. The mechanism involves exploiting an out-of-bounds write vulnerability in the ANGLE graphics library, combined with the Pointer Authentication bypass, to achieve code execution outside the sandbox with elevated permissions.

Apple cannot eliminate these inter-process channels without crippling normal browser functionality. Every legitimate feature that requires interaction between the browser and the operating system - playing a video, rendering a complex PDF, accessing the clipboard - opens a narrow pathway that a sufficiently motivated attacker can try to exploit. The sandbox does not prevent attacks. It forces attackers to work harder and find more bugs.

The Kernel: Taking the Master Key

The system service the attacker now controls has more access than WebKit, but it still operates under restrictions. To achieve total control, DarkSword takes one more step: it exploits the kernel itself.

iOS runs on XNU, a hybrid kernel that combines elements of the Mach microkernel and the BSD operating system. The kernel manages everything: memory allocation, process scheduling, hardware access, and critically, all security enforcement. Code signing, sandboxing, file permissions, encryption key management - these are all kernel-level functions. Compromising the kernel means overriding every security measure iOS provides.

Apple has invested heavily in making kernel exploitation harder. Kernel Integrity Protection prevents modification of kernel code in memory. Pointer Authentication Codes - PAC - add cryptographic signatures to function pointers, making it harder to redirect execution flow. These mitigations raise the bar significantly, and DarkSword bypasses them through manipulation of internal dynamic linker structures, which indicates a level of sophistication consistent with a state-sponsored development effort rather than independent research.

With kernel access, the attacker operates at the same privilege level as iOS itself. They can disable code signing to load unauthorized software. They can read any file on the device regardless of encryption status, because the kernel holds the decryption keys. They can install persistent implants that survive app closures and potentially even reboots. The phone still looks and functions normally. No icon appears. No notification fires. The device becomes a surveillance tool that the owner carries willingly because they have no reason to suspect anything has changed.

What the Attacker Gets

The phrase "full device compromise" is abstract. What it means in practice is specific and disturbing.

The attacker can read every message on the device. This includes end-to-end encrypted applications like Signal and WhatsApp, because the exploit does not break the encryption protocol - it reads the messages after decryption, on the screen or in memory, the same way the user does. Encryption protects data in transit. It does not protect data from someone who controls the device at both ends.

With kernel-level access, an attacker can potentially activate the microphone and camera without triggering the indicator dots that iOS normally displays. Those indicators are software-controlled at the system level, and previous spyware like Predator has been documented suppressing them by hooking the internal sensor activity pipeline before it reaches the user interface. DarkSword specifically focuses on data exfiltration - contacts, call history, messages, keychain credentials, WiFi passwords, and cryptocurrency wallet data - but the kernel access it achieves would make real-time surveillance technically feasible.

For enterprise users, the consequences extend beyond the individual device. A compromised phone that connects to corporate networks may expose VPN credentials, internal email systems, and business-critical data. An active iCloud session on a compromised device exposes cloud-synced photos, documents, and backups, though Apple's current security measures make it harder for extracted authentication tokens to be reused on different devices than it was in earlier iOS versions.

The compromise leaves no visible trace to the average user. There is no unfamiliar app, no unusual battery drain in the early stages, no suspicious data usage that would stand out on a monthly bill. Specialized forensic tools like those developed by iVerify and Amnesty International's Security Lab can detect indicators of compromise, but they require deliberate effort to run.

Why DarkSword Is Different

Exploit chains targeting iPhones are not new. Pegasus has been documented since at least 2016. Predator, marketed by Intellexa, and Reign, built by QuaDream, followed similar technical approaches. The security research community and investigative journalists at organizations like Citizen Lab, Amnesty International, and Forbidden Stories have tracked these tools for years.

What changed with DarkSword is not the capability but the distribution model. Previous exploit kits existed as closely guarded commercial products. Governments reportedly paid NSO Group a $500,000 setup fee plus $650,000 for every ten targets, with large-scale contracts running into tens of millions. Access required a commercial relationship with the vendor, infrastructure to deploy the exploit, and typically the cooperation of telecommunications providers for delivery. The number of actors who could use Pegasus was limited by economics and logistics.

DarkSword was first disclosed by Google's Threat Intelligence Group, Lookout, and iVerify on March 18-19, 2026, as part of a coordinated effort after researchers discovered it had been used by multiple threat actors since at least November 2025. Four days later, on March 23, the full exploit code was leaked on GitHub as a functional toolkit. Not a proof of concept, not a partial demonstration, but a working toolchain that iVerify's co-founder Matthias Frielingsdorf described as fully weaponized, adding that the exploits "will work out of the box" with "no iOS expertise required."

The analogy is the difference between a guided missile system operated by a trained military unit and a firearm available at a store. The destructive capability per unit may be lower, but the number of actors who can now use it increases by orders of magnitude. Script kiddies, criminal organizations, corporate espionage operations, and smaller state actors who could never afford a Pegasus license all gained access to military-grade mobile surveillance capabilities.

The Defenses and Their Limits

Apple patched the vulnerabilities exploited by DarkSword in iOS 26.3, with a further background security improvement in iOS 26.3.1. The parallel update iOS 18.7.3 addresses the same flaws for devices still running iOS 18. Users who have updated to these versions or later are protected against this specific exploit chain. The fix is straightforward: update your phone. But the structural picture is more complicated.

Lockdown Mode, which Apple introduced with iOS 16, disables a range of features that expand the attack surface. Among other things, it blocks JavaScript JIT (Just-In-Time) compilation in WebKit. JIT compilation is a performance optimization that generates executable code at runtime - and it is precisely the kind of mechanism that memory corruption exploits target. Disabling it significantly raises the difficulty of the initial WebKit exploit. Lockdown Mode would likely have mitigated DarkSword's first stage, though no mitigation is guaranteed against unknown attacks. The trade-off is real: Lockdown Mode breaks some websites, disables certain iMessage features, and limits functionality in ways that most users would find disruptive for daily use.

BlastDoor, introduced with iOS 14, provides a hardened sandbox specifically for processing iMessage content. It was Apple's response to the iMessage-based exploits used by earlier versions of Pegasus. FORCEDENTRY, which appeared a year after BlastDoor shipped, was specifically designed to bypass it. But BlastDoor protects iMessage parsing, not Safari or WebKit. DarkSword operates through the browser, which BlastDoor does not cover.

The deeper problem is temporal. The security patches fix the known vulnerabilities, but they only help devices that install them. iPhones older than the iPhone 11 cannot run iOS 26 at all and will never receive this patch through the main update track. Apple has released iOS 18.7.2 and subsequent updates as parallel security patches for these older but still supported models, addressing the same vulnerabilities where applicable. Devices too old for even that update remain permanently exposed.

And then there is the adoption gap. Even among compatible devices, the time between a patch release and widespread installation spans weeks to months. Enterprise devices managed through mobile device management systems update on institutional schedules, not the day a patch drops. The vulnerability window between disclosure and universal patching is the period of greatest risk, because the existence of the exploit chain is now public knowledge while millions of devices remain unprotected.

DarkSword will be followed by the next exploit chain, targeting the next set of vulnerabilities. Apple will patch those too. This cycle has no end state. The security of the most widely used smartphone on Earth depends on an arms race between engineers patching the flaws they know about and attackers searching for the ones they do not.