Apple Issues Security Update to Protect iPhones from Darksword Hack

Apple has released a rare security update for iPhones running iOS 18, addressing a critical vulnerability exploited by the DarkSword hacking tool. The update, iOS 18.7.7 and iPadOS 18.7.7, extends security protections to users who have not yet upgraded to the latest iOS 26, a move that deviates from Apple’s typical practice of encouraging upgrades for security fixes.

The DarkSword exploit allows malicious actors to potentially take control of an iPhone if a user visits a website containing infected code. Initially limited to iPhone XS and XR models, the iOS 18.7.7 update is now available for a wider range of iPhones still operating on the older iOS 18 version. Apple is also alerting users with older iOS 18 versions to install a Critical Security Update.

Unusual ‘Backporting’ of Security Fixes

This action marks an unusual step for Apple, which generally reserves security updates for users on the latest iOS versions. Cybersecurity experts refer to providing fixes for older operating systems as “backporting” a patch. According to a report by Wired, Apple spokesperson confirmed the company’s decision to issue the update, stating they will issue software updates to protect iOS users from DarkSword.

“Apple will issue software updates on Wednesday morning to protect iOS users from a hacking technique known as DarkSword, which is capable of silently taking over certain iPhones running iOS 18—the previous version of Apple’s mobile operating system—when they visit a website infected with the malicious code.”

Apple spokesperson via Wired

While users on iOS 26 are already protected against DarkSword, this update specifically targets those who have chosen to remain on iOS 18. Apple encourages users with supported devices to upgrade to iOS 26 for enhanced protection, but acknowledges the need to address the vulnerability for those who haven’t.

DarkSword: A Widely Used Exploit

The DarkSword exploit kit has gained significant attention due to its widespread use by various threat actors. BleepingComputer reports that the exploit has been used to target individuals in Malaysia, Saudi Arabia, Turkey, and Ukraine. The exploit leverages six vulnerabilities, tracked as CVE-2025-31277, CVE-2025-43529, CVE-2026-20700, CVE-2025-14174, CVE-2025-43510, and CVE-2025-43520.

Researchers at Lookout, iVerify, and Google Threat Intelligence first revealed DarkSword in March, noting its ability to compromise iPhones running iOS 18.4 through 18.7. The exploit kit has been linked to Turkish commercial surveillance vendor PARS Defense (UNC6748) and a suspected Russian espionage group (UNC6353). These groups have deployed malware families such as GhostBlade, GhostKnife, and GhostSaber to steal information from compromised devices.

Fixes First Shipped in 2025

Apple began addressing the vulnerabilities exploited by DarkSword as early as July 2025 with the release of iOS 18.6. However, the company initially stopped offering iOS 18 updates to newer devices capable of running iOS 26. The decision to now “backport” the fixes to iOS 18 is a significant shift in Apple’s security update policy.

According to Apple’s changelog for the update, the availability of iOS 18.7.7 was expanded on April 1, 2026, allowing users with Automatic Updates enabled to automatically receive the security protections against DarkSword. The company is also notifying users with older iOS 18 versions to install the Critical Security Update.

This move demonstrates Apple’s responsiveness to the growing threat posed by DarkSword and its willingness to prioritize security for a broader range of users, even those who have not yet adopted the latest iOS version. Users are still encouraged to upgrade to iOS 26 for the most comprehensive security protections.