Apple Pushes Rare iOS 18 Security Update to Block the DarkSword Exploit Kit
In an unusual departure from its update policy, Apple has expanded iOS 18.7.7 and iPadOS 18.7.7 to millions of additional devices — shielding users who have yet to migrate to iOS 26 from a sophisticated, state-sponsored exploit chain active since mid-2025.
Apple on April 1, 2026, made iOS 18.7.7 and iPadOS 18.7.7 available to a dramatically wider range of iPhones and iPads, protecting users from a dangerous web-based attack toolkit known as DarkSword. The move is remarkable because Apple rarely backports security patches to users of an older iOS generation who could technically upgrade to the current major release — in this case, iOS 26.
“We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called DarkSword,” an Apple spokesperson said. “The fixes associated with the DarkSword exploit first shipped in 2025.”
A Timeline of the Response
What Is DarkSword?
DarkSword is a full-chain iOS exploit kit, meaning it links multiple individual vulnerabilities into a seamless attack sequence capable of fully compromising a target device. Detailed technical analysis was published by Google Threat Intelligence Group (GTIG), iVerify, and Lookout — the organizations that first disclosed the toolkit publicly.
Critically, the attack requires no interaction from the victim beyond visiting a legitimate-but-compromised website or loading a malicious advertisement inside Safari. This “drive-by” or “watering hole” delivery model makes DarkSword particularly dangerous: there is nothing unusual for a user to notice, click, or approve. Once triggered on a vulnerable device (those running iOS 18.4 through 18.7), attackers can deploy backdoors and data-mining tools for persistent access and information theft.
The kit has since been partially leaked on GitHub, raising concerns that less sophisticated threat actors could adapt and deploy it, substantially broadening the threat landscape beyond the state-sponsored groups initially linked to the attacks.
Just loading a compromised site or even a malicious advertisement inside Safari is enough to trigger the exploit chain if your device is still missing the relevant patches.
— Malwarebytes Security Research, April 2026
Targeted Countries and Victims
Researchers at GTIG, iVerify, and Lookout identified victims primarily in four countries. Apple’s own Lockdown Mode has been recommended as an additional layer of protection for high-risk individuals.
Devices Now Covered by iOS 18.7.7
Following Apple’s April 1 expansion, the following devices can now receive iOS 18.7.7 or iPadOS 18.7.7 as a security-only update, without needing to upgrade to iOS 26:
iPhone
- iPhone XR
- iPhone XS & XS Max
- iPhone 11 (all models)
- iPhone SE (2nd generation)
- iPhone 12 (all models)
- iPhone 13 (all models)
- iPhone SE (3rd generation)
- iPhone 14 (all models)
- iPhone 15 (all models)
- iPhone 16 (all models)
- iPhone 16e
iPad
- iPad (7th generation, A16)
- iPad mini (5th generation, A17 Pro)
- iPad Air (3rd – 5th generation)
- iPad Air 11-inch (M2 – M3)
- iPad Air 13-inch (M2 – M3)
- iPad Pro 11-inch (1st gen – M4)
- iPad Pro 12.9-inch (3rd – 6th gen)
- iPad Pro 13-inch (M4)
Why This Update Is Unusual
Apple’s standard policy has been to only provide security updates for the current generation of its operating system, using the promise of fixes as leverage to encourage users to upgrade. Extending iOS 18 patches to devices fully capable of running iOS 26 represents a significant — and, according to security professionals, welcome — break from that practice.
Users who do not have auto-updates enabled will see a prominent Critical Security Update alert on their device. Those who wish to stay on iOS 18 can navigate to Settings → General → Software Update, scroll past the featured iOS 26.4 option, and find iOS 18.7.7 listed under an “Also Available” section.
Apple continues to recommend that users migrate to iOS 26 for the most comprehensive security coverage and access to the latest features. However, the company has made clear that user safety takes precedence in this instance.
How to Install the Update
- Open Settings and tap General.
- Tap Software Update and wait for the page to load.
- If your device supports iOS 26, scroll past the highlighted iOS 26 option.
- Find the “Also Available” section and tap iOS 18.7.7.
- Tap Download and Install to apply the security update without upgrading.
- Consider enabling Automatic Updates to receive critical patches automatically in the future.
Apple also notes that Lockdown Mode provides additional protection against this class of web-based attacks for users who require an elevated security posture — such as journalists, activists, and executives who may be at heightened risk of targeted surveillance.
