Apple on Wednesday expanded the supply of iOS 18.7.7 and iPadOS 18.7.7 to a broader vary of gadgets to guard customers from the chance posed by a lately disclosed exploit package identified as DarkSword.
“We enabled the supply of iOS 18.7.7 for extra gadgets on April 1, 2026, so customers with Computerized Updates turned on can mechanically obtain vital security protections from net assaults known as DarkSword,” the corporate stated. “The fixes related to the DarkSword exploit first shipped in 2025.”
The replace is accessible for the next gadgets –
- iPhone XR, iPhone XS, iPhone XS Max, iPhone 11 (all fashions), iPhone SE (2nd technology), iPhone 12 (all fashions), iPhone 13 (all fashions), iPhone SE (third technology), iPhone 14 (all fashions), iPhone 15 (all fashions), iPhone 16 (all fashions), and iPhone 16e
- iPad mini (fifth technology – A17 Professional), iPad (seventh technology – A16), iPad Air (third – fifth technology), iPad Air 11-inch (M2 – M3), iPad Air 13-inch (M2 – M3), iPad Professional 11-inch (1st technology – M4), iPad Professional 12.9-inch (third – sixth technology), and iPad Professional 13-inch (M4)
The newest replace goals to cowl gadgets which have the potential to replace to iOS 26 however are nonetheless on older variations. Apple first launched iOS 18.7.7 and iPadOS 18.7.7 on March 24, 2026, however just for iPhone XS, iPhone XS Max, iPhone XR, and iPad seventh technology.
Final month, the corporate additionally urged customers to replace older gadgets to iOS 15.8.7, iPadOS 15.8.7, iOS 16.7.15, and iPadOS 16.7.15 to deal with among the exploits that have been utilized in DarkSword and one other exploit package known as Coruna.
Whereas Apple is thought to backport fixes for older gadgets relying on the criticality of the vulnerabilities, the transfer to permit iOS 18 customers to patch their gadgets with out having to replace to the newest working system model marks an uncommon departure for the tech large.
In a assertion shared with WIRED, an Apple spokesperson stated it was increasing the replace to extra gadgets to assist them keep protected. Customers who wouldn’t have auto-update enabled can have the choice to both replace to the newest, patched model of iOS 18 or to iOS 26.
The uncommon step comes weeks after Google Risk Intelligence Group (GTIG), iVerify, and Lookout shared particulars of an iOS exploit package known as DarkSword that has been put to make use of in cyber assaults focusing on customers in Saudi Arabia, Turkey, Malaysia, and Ukraine since July 2025. The package is able to focusing on iOS and iPadOS gadgets operating variations between iOS 18.4 and 18.7.
The assault will get triggered when a person operating a susceptible gadget visits a legitimate-but-compromised web site that hosts the malicious code as a part of what’s known as a watering gap assault. As soon as launched, the assaults have been discovered to deploy backdoors and a dataminer for persistent entry and knowledge theft.
It is at the moment not identified how the superior hacking device got here to be shared by a number of menace actors. A newer model of the package has since been leaked on the code-sharing website GitHub, fueling issues that extra menace actors might leap on the exploitation bandwagon.
The discovery additionally highlights that highly effective spyware and adware for iPhones is probably not as uncommon as beforehand thought, and that they might change into engaging instruments for mass exploitation.
As of final week, Apple started issuing Lock Display notifications to iPhones and iPads operating older variations of iOS and iPadOS to alert customers of web-based assaults and urge them to put in the newest updates.
Proofpoint and Malfors additionally revealed that one other Russia-linked menace actor often known as COLDRIVER (aka TA446) has exploited the DarkSword package to ship the GHOSTBLADE information stealer malware in assaults focusing on authorities, suppose tank, larger training, monetary, and authorized entities.
“DarkSword silently steals huge quantities of person information purely as a result of the person Now visited an actual (however compromised) web site,” Rocky Cole, co-founder and COO at iVerify, stated in a press release shared with The Hacker Information. “Apple has no less than agreed with the security group’s evaluation that this presents a transparent and current menace to gadgets that stay unpatched on earlier variations of iOS, which roughly 20% of persons are nonetheless operating.”
“Leaving these customers uncovered can be a tough determination to defend, significantly for an organization that facilities its model round security and privateness. Backporting patches to older iOS variations looks as if the least they’ll do in lieu of offering a security framework for outdoor builders. The truth is that patching is simply too little too late when 0-days are concerned, and the exploit market is booming.”
