Apple Expands iOS 18.7.7 Update to More Devices to Combat DarkSword Exploit
In a significant move to enhance mobile security, Apple has broadened the rollout of iOS 18.7.7 and iPadOS 18.7.7, making these updates available to a wider range of devices. This expansion, announced on April 1, 2026, aims to protect users from vulnerabilities associated with a recently identified exploit kit known as DarkSword.
Understanding the DarkSword Threat
The DarkSword exploit kit has raised alarms within the cybersecurity community due to its capability to target iOS and iPadOS devices running versions between iOS 18.4 and 18.7. The kit has reportedly been utilized in cyberattacks against users in various countries, including Saudi Arabia, Turkey, Malaysia, and Ukraine, since July 2025. The attacks are initiated when users visit compromised websites, which host malicious code as part of a watering hole attack. Once activated, these attacks can deploy backdoors and data miners, enabling persistent access and information theft.
Apple’s decision to expand the availability of the iOS 18.7.7 update is a proactive measure to counteract these threats. The company stated, “We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called DarkSword.” The fixes related to the DarkSword exploit were initially released in 2025.
Devices Receiving the Update
The latest update is now available for a comprehensive list of devices, including:
- iPhones: XR, XS, XS Max, 11 (all models), SE (2nd generation), 12 (all models), 13 (all models), SE (3rd generation), 14 (all models), 15 (all models), 16 (all models), and 16e.
- iPads: iPad mini (5th generation – A17 Pro), iPad (7th generation – A16), iPad Air (3rd – 5th generation), iPad Air 11-inch (M2 – M3), iPad Air 13-inch (M2 – M3), iPad Pro 11-inch (1st generation – M4), iPad Pro 12.9-inch (3rd – 6th generation), and iPad Pro 13-inch (M4).
This update not only addresses the vulnerabilities associated with DarkSword but also ensures that devices capable of updating to iOS 26 can receive necessary security patches without requiring a full operating system upgrade.
Previous Warnings and Urgency for Updates
In March 2026, Apple urged users of older devices to update to iOS 15.8.7, iPadOS 15.8.7, iOS 16.7.15, and iPadOS 16.7.15 to mitigate risks from DarkSword and another exploit kit named Coruna. This proactive communication underscores Apple’s commitment to user security, especially for those still operating on older versions of iOS.
While Apple has a history of backporting fixes for critical vulnerabilities, the recent decision to allow iOS 18 users to patch their devices without upgrading to the latest version marks a notable shift in the company’s approach. An Apple spokesperson indicated that the expansion of the update aims to help more users stay protected. For those without auto-update enabled, options include updating to the latest patched version of iOS 18 or moving to iOS 26.
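For teams that manage devices without relying on auto-update, the following added example (not from Apple or the original report) checks a device inventory against the patched versions named in this article. The CSV layout, device names and sample versions are constructed, and treating any iOS 26 build as patched is an assumption based on the upgrade option mentioned above.

```python
import csv
import io

# Minimum patched build per major branch, taken from the versions the article names.
PATCHED_BASELINE = {15: (15, 8, 7), 16: (16, 7, 15), 18: (18, 7, 7)}
# Assumption: any iOS 26 build counts as patched, since the article lists
# moving to iOS 26 as an alternative to installing 18.7.7.
UPGRADE_PATH_MAJOR = 26

# Constructed sample export (hypothetical device names and versions).
SAMPLE_INVENTORY = """name,os_version
constructed-iphone-01,18.7.7
constructed-iphone-02,18.6.2
constructed-ipad-03,16.7.15
constructed-iphone-04,15.8.6
constructed-iphone-05,26.1
constructed-ipad-06,17.7.2
constructed-iphone-07,unknown
"""

def parse_version(text):
    """Turn '18.6' or '18.7.7' into a 3-tuple of ints, padding with zeros."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised OS version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def classify(version_text):
    """Return 'ok', 'update', or 'review' for one reported OS version."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "review"  # unparseable value: needs a human look
    if version[0] >= UPGRADE_PATH_MAJOR:
        return "ok"
    baseline = PATCHED_BASELINE.get(version[0])
    if baseline is None:
        return "review"  # the article names no patched build for this branch
    return "ok" if version >= baseline else "update"

def audit(inventory_csv):
    """Group device names by status for a 'name,os_version' CSV export."""
    report = {"ok": [], "update": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        report[classify(row["os_version"])].append(row["name"])
    return report

if __name__ == "__main__":
    for status, devices in audit(SAMPLE_INVENTORY).items():
        print(f"{status:7} {', '.join(devices)}")
```

Devices in the "review" group are on a branch for which this article gives no patched version, or reported a version string that could not be parsed, so they need a manual check rather than an automatic pass.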
The Broader Implications of DarkSword
The emergence of the DarkSword exploit kit highlights a troubling trend in mobile security. The kit’s capabilities suggest that sophisticated spyware for iPhones may be more prevalent than previously assumed, raising concerns about mass exploitation. The fact that a newer version of DarkSword has been leaked on GitHub further exacerbates these concerns, indicating that more threat actors may exploit this tool.
As of last week, Apple began issuing Lock Screen notifications to users of older iOS and iPadOS versions, alerting them to potential web-based attacks and encouraging them to install the latest updates. This initiative reflects the urgency surrounding the DarkSword threat and the need for users to remain vigilant.
Ongoing Threats and Responses
Recent reports from cybersecurity firms such as Proofpoint and Malfors have revealed that a Russia-linked threat actor, known as COLDRIVER (also referred to as TA446), has exploited the DarkSword kit to deliver GHOSTBLADE data stealer malware. This malware targets various sectors, including government, think tanks, higher education, financial institutions, and legal entities.
Rocky Cole, co-founder and COO at iVerify, emphasized the severity of the threat posed by DarkSword, stating, “DarkSword silently steals vast amounts of user data purely because the user visited a real (but compromised) website.” He noted that approximately 20% of users remain on unpatched earlier versions of iOS, which presents a clear and present danger.
The decision to backport patches to older iOS versions is a significant step for Apple, particularly given the company’s focus on security and privacy. However, experts caution that patching alone may not suffice in the face of zero-day vulnerabilities and a booming exploit market.
For more detailed information on the DarkSword exploit and its implications, visit the original reporting source: thehackernews.com.


