In an unusual move, Apple has pushed out a critical security update for users still running iOS 18 (and iPadOS 18), specifically to protect against the powerful DarkSword exploit kit that can compromise iPhones and iPads simply by visiting a malicious or compromised website.
The update — iOS 18.7.7 and iPadOS 18.7.7 — was made available to a much broader range of devices on April 1, 2026. Users with Automatic Updates enabled should receive it automatically. For those without auto-updates turned on, devices running older builds of iOS 18 will see a prominent alert urging them to install the Critical Security Update.
What Is DarkSword and Why Is It Dangerous?
DarkSword is a hacking toolkit that enables attackers to take control of vulnerable iPhones running iOS 18.4 through 18.7 via drive-by web attacks. Victims don’t need to click anything suspicious — simply loading a website containing the malicious code is enough.
Once inside, the exploit can steal sensitive data including:
• Messages
• Browser history
• Location information
• Cryptocurrency wallets and assets
The stolen data is then uploaded to servers controlled by the attackers.The toolkit has already been used in targeted attacks against individuals in countries including Malaysia, Saudi Arabia, Turkey, Ukraine, and China. Making matters worse, the exploit tools have been leaked and published on GitHub, meaning the threat is no longer limited to sophisticated state actors or advanced hacker groups — virtually anyone with basic technical knowledge could potentially use it.
Apple first shipped fixes for DarkSword in 2025, and users on the latest iOS 26 have been protected for weeks. However, millions of users have deliberately stayed on iOS 18 — some to avoid the new “Liquid Glass” interface in iOS 26, others because they prefer the older design or have compatibility concerns with apps.
Normally, Apple uses security updates as gentle (or not-so-gentle) encouragement to move users to the newest OS version. The release of iOS 18.7.7 and iPadOS 18.7.7 for a wider set of devices marks a rare exception, showing the company views the DarkSword threat as serious enough to backport protections rather than force an upgrade.
Who Should Update?
• Anyone still on iOS 18 (iPhone XS and newer models that support iOS 26, as well as older devices limited to iOS 18).
• iPad users on iPadOS 18.
• The update is especially critical for users who have postponed or skipped the jump to iOS 26.
Apple also reminds users that Lockdown Mode provides additional protection against this class of web-based attacks.
Apple’s Official Statement
In its security notes, Apple stated:
“We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called DarkSword. The fixes associated with the DarkSword exploit first shipped in 2025. Devices with older versions of iOS 18 will receive an additional alert to install a Critical Security Update.”
While the company continues to strongly recommend updating to iOS 26 for the fullest security and feature benefits, it has clearly prioritized user safety in this case.
MacDailyNews Take: If you’re still running iOS 18, check Settings > General > Software Update right away. The DarkSword tools are now in the wild, and web-based drive-by attacks are notoriously hard to avoid entirely.
This episode highlights both the ongoing cat-and-mouse game between Apple’s security team and sophisticated threat actors, and Apple’s willingness — when the risk is high enough — to support older software versions longer than usual.
iOS 18 and iPadOS 18 users, update promptly, and consider enabling Automatic Updates if you haven’t already. For maximum protection, upgrading to iOS 26 remains the best long-term choice.
Please help support MacDailyNews — and enjoy subscriber-only articles, comments, chat, and more — by subscribing to our Substack: macdailynews.substack.com. Thank you!
Support MacDailyNews at no extra cost to you by using this link to shop at Amazon.
Click Here For The Original Source.
