Apple has expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices in an effort to protect users from vulnerabilities exposed by the DarkSword exploit kit. Initially released on March 24, 2026 for a limited number of devices including iPhone XS, XS Max, XR, and iPad 7th generation, the update now covers models ranging from iPhone XR to iPhone 16e and various iPad mini, Air, and Pro generations. According to Apple, users with Automatic Updates enabled will receive the security patches automatically, ensuring protection from web-based attacks without requiring an immediate upgrade to the latest iOS 26. The fixes associated with DarkSword were first introduced in 2025, but the expanded release addresses older devices that had remained on previous versions.
The DarkSword exploit kit, first publicly detailed by Google Threat Intelligence Group, iVerify, and Lookout, has been used in targeted cyber attacks since July 2025 in countries including Saudi Arabia, Turkey, Malaysia, and Ukraine. The attacks are executed via watering hole methods, where users visit legitimate but compromised websites that deploy malicious code. Once triggered, DarkSword has been observed installing backdoors and dataminer tools, allowing persistent access and information theft. Complicating matters, a newer version of DarkSword was leaked on GitHub, increasing the risk of additional threat actors leveraging the tool. The exploit is capable of targeting devices running iOS and iPadOS versions between 18.4 and 18.7, highlighting the critical need for timely patching.
Industry observers note that this move marks a rare step by Apple in backporting security fixes to older operating system versions. While the company regularly issues patches for critical vulnerabilities, allowing users to remain on iOS 18 while receiving security updates departs from its typical update approach, which usually encourages moving to the latest major OS release. Security specialists emphasize that unpatched devices, estimated to still account for around 20% of users, remain at risk from web-based attacks and advanced spyware. Proofpoint and Malfors have also reported that Russia-linked threat actor COLDRIVER, also known as TA446, has leveraged DarkSword to distribute GHOSTBLADE malware against government agencies, financial institutions, universities, and legal organizations, illustrating the exploit’s potential for wide-reaching impact.
Apple has taken additional measures to alert users, including Lock Screen notifications on older devices advising updates to the patched version. In statements shared with WIRED, Apple highlighted the importance of protecting devices against DarkSword and other exploit kits. Security experts, including Rocky Cole of iVerify, stressed that such backports are a necessary step to prevent widespread data theft and maintain user trust. As mobile threats continue to evolve, Apple’s expanded iOS 18.7.7 release represents an effort to address vulnerabilities proactively, giving users on older devices a viable path to remain secure against increasingly sophisticated cyber attacks.





