Apple has officially expanded the availability of security updates for iPhones operating on iOS 18, specifically designed to counteract threats posed by the actively exploited DarkSword exploit kit.
According to the changelog for the iOS 18.7.7 security update, issued on April 1, 2026, "We enabled the availability of iOS 18.7.7 for more devices... so users with Automatic Updates turned on can automatically receive important security protections from web attacks called DarkSword."
The initial fixes for the vulnerabilities associated with the DarkSword exploit were rolled out in 2025.
In March, a collaboration among researchers from Lookout, iVerify, and Google Threat Intelligence unveiled the DarkSword exploit kit, which specifically targets iPhones running between versions iOS 18.4 and iOS 18.7.
The exploit kit leverages six identified vulnerabilities, cataloged as CVE-2025-31277, CVE-2025-43529, CVE-2026-20700, CVE-2025-14174, CVE-2025-43510, and CVE-2025-43520.
While iOS exploits have typically been utilized in highly targeted spyware campaigns, the DarkSword exploit kit's reach has been notably broader, being deployed by various adversaries, including the Turkish commercial surveillance firm PARS Defense, a group known as UNC6748, and a suspected Russian espionage organization referred to as UNC6353.
In these instances, GTIG has reported the deployment of three distinct families of information-stealing malware on compromised devices: an assertive JavaScript infostealer named GhostBlade, the GhostKnife backdoor, and the GhostSaber JavaScript malware, capable of executing code and extracting data.
Beginning in July 2025, following the launch of iOS 18.6, Apple has incrementally addressed the vulnerabilities as they were disclosed via security updates to compatible devices.
Nevertheless, by late 2025, Apple ceased offering iOS 18 updates to newer devices eligible for the latest iOS 26. Consequently, users who opted to remain on iOS 18 experienced limited access to these security updates, with newer devices being excluded from receiving patches for the DarkSword vulnerabilities introduced in 2026.
As a result, only a select number of devices retained the ability to receive iOS 18 updates, with the previous 18.7.6 update made available solely to the iPhone XS, iPhone XS Max, and iPhone XR.
The situation was further complicated last month when a researcher publicly posted the DarkSword exploit kit on GitHub, thereby granting access to additional threat actors interested in targeting older iPhones.
Today, Apple has released iOS 18.7.7, extending its availability to a broader range of devices that prefer to remain on the older operating system while safeguarding themselves against the latest security threats.
Eligible devices for this new update now encompass the iPhone XR, iPhone XS, iPhone XS Max, all models of iPhone 11, iPhone SE (2nd generation), all models of iPhone 12, all models of iPhone 13, iPhone SE (3rd generation), all models of iPhone 14, all models of iPhone 15, all models of iPhone 16, iPhone 16e, iPad mini (5th generation - A17 Pro), iPad (7th generation - A16), iPad Air (3rd - 5th generation), iPad Air 11-inch (M2 - M3), iPad Air 13-inch (M2 - M3), iPad Pro 11-inch (1st generation - M4), iPad Pro 12.9-inch (3rd - 6th generation), and iPad Pro 13-inch (M4).
Users of iPhones still operating on iOS 18 with Automatic Updates enabled will now benefit from the latest version and enhanced protections against the DarkSword exploit kit.
Share this story