Apple Broadens iOS 18.7.7 Update to Shield More Devices from DarkSword Exploit
On April 1, 2026, Apple expanded the reach of its iOS 18.7.7 and iPadOS 18.7.7 updates to encompass a wider array of devices, aiming to fortify users against the recently identified DarkSword exploit. This proactive measure underscores Apple’s commitment to user security, especially in light of emerging cyber threats.
The DarkSword exploit, first disclosed in 2025, has been associated with cyber attacks targeting users in regions such as Saudi Arabia, Turkey, Malaysia, and Ukraine. The exploit operates by compromising legitimate websites, turning them into conduits for malicious code—a tactic known as a watering hole attack. Once a user visits such a site using a vulnerable device, the exploit can deploy backdoors and data miners, granting attackers persistent access and enabling information theft.
Apple’s initial release of iOS 18.7.7 on March 24, 2026, was limited to devices like the iPhone XS, iPhone XS Max, iPhone XR, and the iPad 7th generation. Recognizing the broader risk posed by DarkSword, Apple has now extended the update to include:
– iPhones: iPhone XR, iPhone XS, iPhone XS Max, iPhone 11 (all models), iPhone SE (2nd generation), iPhone 12 (all models), iPhone 13 (all models), iPhone SE (3rd generation), iPhone 14 (all models), iPhone 15 (all models), iPhone 16 (all models), and iPhone 16e.
– iPads: iPad mini (5th generation – A17 Pro), iPad (7th generation – A16), iPad Air (3rd – 5th generation), iPad Air 11-inch (M2 – M3), iPad Air 13-inch (M2 – M3), iPad Pro 11-inch (1st generation – M4), iPad Pro 12.9-inch (3rd – 6th generation), and iPad Pro 13-inch (M4).
This expansion is particularly noteworthy as it includes devices capable of updating to iOS 26 but still operating on older versions. By broadening the update’s availability, Apple aims to ensure that a larger user base receives critical security protections against web-based attacks like DarkSword.
In a statement shared with WIRED, an Apple spokesperson emphasized the importance of this update, stating, We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called DarkSword. This move reflects Apple’s dedication to safeguarding its users, even those who have not transitioned to the latest operating system versions.
The decision to backport security fixes to older devices is a departure from Apple’s typical practice. Traditionally, the company focuses on providing updates for its latest operating systems. However, the severity and widespread nature of the DarkSword exploit have prompted this exception, highlighting the critical need for comprehensive security measures across all devices.
The DarkSword exploit kit has been a significant concern within the cybersecurity community. Its ability to target iOS and iPadOS devices running versions between iOS 18.4 and 18.7 has made it a potent tool for cybercriminals. The exploit’s mechanism—infecting users through legitimate but compromised websites—demonstrates the evolving sophistication of cyber threats.
Security experts have noted that the availability of such exploit kits to multiple threat actors indicates a troubling trend. Rocky Cole, co-founder and COO at iVerify, commented, DarkSword silently steals vast amounts of user data purely because the user visited a real (but compromised) website. He further emphasized the importance of Apple’s response, stating, Apple has at least agreed with the security community’s assessment that this presents a clear and present threat to devices that remain unpatched on earlier versions of iOS, which roughly 20% of people are still running.
The expansion of the iOS 18.7.7 update is part of a broader strategy by Apple to address vulnerabilities exploited by DarkSword and similar threats. In March 2026, Apple urged users to update older devices to iOS 15.8.7, iPadOS 15.8.7, iOS 16.7.15, and iPadOS 16.7.15 to mitigate risks associated with exploit kits like DarkSword and Coruna. These updates aim to patch vulnerabilities that could be exploited through malicious web content, thereby enhancing device security.
Apple has also taken proactive steps to alert users of potential threats. The company began issuing Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS, warning users of web-based attacks and urging them to install the latest updates. This approach ensures that users are informed of potential risks and can take immediate action to protect their devices.
The emergence of exploit kits like DarkSword and Coruna underscores the evolving landscape of cyber threats. These tools, once the domain of nation-state actors, are becoming more accessible to a broader range of cybercriminals. This democratization of sophisticated exploits poses a significant challenge to device security, making timely updates and user awareness more critical than ever.
In response to these challenges, Apple has been enhancing its security frameworks. The introduction of features like Lockdown Mode, available on devices running iOS versions 16 and later, provides users with additional layers of protection against malicious web content and other threats. Lockdown Mode is designed to reduce the attack surface by limiting certain functionalities, thereby mitigating potential vulnerabilities.
The company’s commitment to security is also evident in its continuous efforts to patch vulnerabilities. In February 2026, Apple released updates to address a zero-day flaw in WebKit, the browser engine used in Safari. This vulnerability, tracked as CVE-2026-20700, could allow arbitrary code execution and had been exploited in sophisticated attacks. By promptly addressing such vulnerabilities, Apple aims to stay ahead of potential threats and protect its user base.
For users, the key takeaway is the importance of keeping devices updated. Enabling Automatic Updates ensures that devices receive the latest security patches without delay. Regularly checking for updates and installing them promptly can significantly reduce the risk of exploitation.
In conclusion, Apple’s expansion of the iOS 18.7.7 update to a broader range of devices is a proactive step in combating the DarkSword exploit. This move reflects the company’s dedication to user security and its responsiveness to emerging cyber threats. As the digital landscape continues to evolve, such measures are essential in maintaining the integrity and safety of user data.
