Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a wider range of devices to protect users from the risks posed by a recently released exploit kit known as DarkSword.
“With iOS 18.7.7 available on more devices starting April 1, 2026, users who have automatic updates turned on now automatically receive important security protection from a web attack called DarkSword,” the company said. “Fixes related to the DarkSword exploit were first shipped in 2025.”
Update is available for the following devices –
iPhone XR, iPhone XS, iPhone XS Max, iPhone 11 (all models), iPhone SE (2nd generation), iPhone 12 (all models), iPhone 13 (all models), iPhone SE (3rd generation), iPhone 14 (all models), iPhone 15 (all models), iPhone 16 (all models), iPhone 16e iPad mini (5th generation – A17 Pro), iPad (7th generation – A16), iPad Air (3rd generation – 5th generation), iPad Air 11 inch (M2 to M3), iPad Air 13 inch (M2 to M3), iPad Pro 11 inch (1st generation to M4), iPad Pro 12.9 inch (3rd generation to 6th generation), iPad Pro 13 inch (M4)
The latest update is intended to cover devices that have the ability to update to iOS 26 but are still using an older version. Apple first released iOS 18.7.7 and iPadOS 18.7.7 on March 24, 2026, but only for iPhone XS, iPhone XS Max, iPhone XR, and iPad 7th generation.
Last month, the company urged users to update older devices to iOS 15.8.7, iPadOS 15.8.7, iOS 16.7.15, and iPadOS 16.7.15 to address some of the exploits used in DarkSword and another exploit kit called Coruna.
Apple is known for backporting fixes for older devices depending on the severity of the vulnerability, but the move to allow iOS 18 users to patch their devices without updating to the latest operating system version marks an unusual departure for the tech giant.
In a statement shared with WIRED, an Apple spokesperson said the update will be expanded to more devices to help them stay protected. Users who don’t have automatic updates enabled can choose to update to the latest patched version of iOS 18 or iOS 26.
This rare action comes weeks after Google Threat Intelligence Group (GTIG), iVerify, and Lookout shared details of an iOS exploit kit called DarkSword that has been used in cyberattacks targeting users in Saudi Arabia, Turkey, Malaysia, and Ukraine since July 2025. This kit can target iOS and iPadOS devices running versions of iOS 18.4 to 18.7.
The attack is triggered when a user running a vulnerable device visits a legitimate but compromised website that hosts malicious code as part of a so-called watering hole attack. Once an attack is launched, backdoors and data miners are deployed to provide persistent access and information theft.
It is currently unclear how this advanced hacking tool came to be shared by multiple attackers. A new version of the kit has since been leaked on code-sharing site GitHub, raising concerns that more attackers will take advantage of the exploit.
The discovery also highlights that powerful spyware for the iPhone may not be as rare as previously thought and could be an attractive tool for mass exploitation.
As of last week, Apple began issuing lock screen notifications to iPhones and iPads running older versions of iOS and iPadOS to warn users about web-based attacks and remind them to install the latest updates.
Proofpoint and Malfors also revealed that another Russia-linked actor known as COLDRIVER (also known as TA446) exploited the DarkSword kit to deliver GHOSTBLADE data stealer malware in attacks targeting governments, think tanks, higher education institutions, financial institutions, and corporations.
“DarkSword is silently stealing vast amounts of user data simply because the user Now visited a genuine (but compromised) website,” Rocky Cole, co-founder and chief operating officer of iVerify, said in a statement shared with The Hacker News. “Apple at least agreed with the security community’s assessment that this presents a clear and present threat to devices with early, unpatched versions of iOS (which about 20% of people are still running).”
“Keeping these users exposed would be a difficult decision to defend, especially for a company that puts security and privacy at the heart of its brand. Instead of providing a security framework to outside developers, backporting patches to older iOS versions seems like the least the company can do. The fact is, when zero-days are involved, it’s too late to patch, and the exploit market is booming.”
Source link
