Apple Extends iOS 18.7.7 Update to More Devices to Block DarkSword Exploit

On Wednesday, Apple extended the availability of iOS 18.7.7 and iPadOS 18.7.7 to a wider range of devices to protect users from the risk posed by a newly disclosed exploit kit known as DarkSword.
“We’ve enabled the availability of iOS 18.7.7 on more devices on April 1, 2026, so that users with Automatic Updates turned on can automatically receive important security protections against a web attack called DarkSword,” the company said. “Fixes related to the DarkSword exploit were first shipped in 2025.”
The update is available for the following devices –
- iPhone XR, iPhone XS, iPhone XS Max, iPhone 11 (all models), iPhone SE (second generation), iPhone 12 (all models), iPhone 13 (all models), iPhone SE (third generation), iPhone 14 (all models), iPhone 15 (all models), iPhone 16 (all models), and iPhone 16e
- iPad mini (5th generation – A17 Pro), iPad (7th generation – A16), iPad Air (3rd – 5th generation), iPad Air 11-inch (M2 – M3), iPad Air 13-inch (M2 – M3), iPad Pro 11-inch (1st generation – M4), iPad Pro 12.9-inch (3rd – 6th generation) and iPad Pro
The latest update aims to cover devices that have the ability to upgrade to iOS 26 but are on older versions. Apple first released iOS 18.7.7 and iPadOS 18.7.7 on March 24, 2026, but only for the iPhone XS, iPhone XS Max, iPhone XR, and the 7th generation iPad.
Last month, the company also urged users to update older devices to iOS 15.8.7, iPadOS 15.8.7, iOS 16.7.15, and iPadOS 16.7.15 to address another exploit used in DarkSword and another exploit kit called Coruna.
While Apple is known for backporting fixes for critical vulnerabilities to older devices, the move to allow iOS 18 users to patch their devices without updating to the latest version of the operating system marks an unusual departure for the tech giant.
In a statement shared with WIRED, an Apple spokesperson said it is rolling out the update to more devices to help them stay secure. Users who do not have Automatic Updates enabled will have the option to update to the latest, patched version of iOS 18 or iOS 26.
The rare move comes weeks after Google Threat Intelligence Group (GTIG), iVerify, and Lookout shared details of an iOS exploit kit called DarkSword used in cyber attacks targeting users in Saudi Arabia, Turkey, Malaysia, and Ukraine since July 2025. The kit is capable of targeting iOS and iPadOS devices running versions between iOS 18.4.
The attack is triggered when a user on a vulnerable device visits a legitimate but compromised website that hosts malicious code as part of a so-called watering hole attack. Once launched, the attack was found to install a backdoor along with a dataminer for continuous access and information theft.
It is currently unknown how the advanced hacking tool came to be shared among so many malicious actors. A new version of the kit has since been leaked on code-sharing site GitHub, fueling concerns that more threat actors may adopt the exploit.
The discovery also highlights that powerful spyware for iPhones may not be as rare as previously thought, and that it can be an attractive tool for mass exploitation.
Starting last week, Apple began issuing Lock Screen notifications on iPhones and iPads running older versions of iOS and iPadOS to warn users of web-based attacks and urge them to install the latest updates.
Proofpoint and Malfors also revealed that another Russian-linked threat actor known as COLDRIVER (aka TA446) misused the DarkSword kit to deliver the GHOSTBLADE data-stealing malware in attacks targeting government, think tank, higher education, finance, and law enforcement organizations.
“DarkSword is silently stealing a lot of user data because the user is now visiting a real (but vulnerable) website,” said Rocky Cole, founder and COO at iVerify, in a statement shared with The Hacker News. “Apple has at least agreed with the security community’s assessment that this presents a clear and present threat to devices that remain unpublished on previous versions of iOS, about 20% of the population still running.”
“Leaving those users exposed would be a difficult decision to defend, especially for a company that focuses its product on security and privacy. Reverting patches to older iOS versions seems like the least they can do instead of providing a security framework for outside developers. The reality is that patching is never too late when 0 days are involved, and the exploit market is booming.”



