Apple on Wednesday extended the availability of iOS 18.7.7 and iPadOS 18.7.7 to a wider range of devices to protect users from the threat posed by the newly disclosed malware known as DarkSword.
“We’ve made iOS 18.7.7 available for some devices on April 1, 2026, so users with Automatic Updates can get critical protection against the DarkSword web attack,” the company said. “Fixes related to the use of the DarkSword were sent for the first time in 2025.”
The update is available for the following devices –
- iPhone XR, iPhone XS, iPhone XS Max, iPhone 11 (all models), iPhone SE (second generation), iPhone 12 (all models), iPhone 13 (all models), iPhone SE (third generation), iPhone 14 (all models), iPhone 15 (all models), iPhone 16 (all models), and iPhone 16e
- iPad mini (5th generation – A17 Pro), iPad (7th generation – A16), iPad Air (3rd – 5th generation), iPad Air 11-inch (M2 – M3), iPad Air 13-inch (M2 – M3), iPad Pro 11-inch (1st generation – M4), iPad Pro 12.9-inch (3rd – 6th generation) – iPad M4 inch)
The latest update aims to cover devices that have the ability to update to iOS 26 but are still on older versions. Apple started releasing iOS 18.7.7 and iPadOS 18.7.7 on March 24, 2026, but only for the iPhone XS, iPhone XS Max, iPhone XR, and iPad 7th generation.
Last month, the company also encouraged users to update older devices to iOS 15.8.7, iPadOS 15.8.7, iOS 16.7.15, and iPadOS 16.7.15 to handle some of the actions that were used in DarkSword and other devices called Coruna.
Although Apple is known for fixing backports for older devices based on serious vulnerabilities, the move to allow iOS 18 users to port their devices without updating the latest version of the system marks a rare departure from the tech giant.
In a statement shared with WIRED, an Apple spokesperson said it is rolling out updates to other devices to help them stay protected. Users without a custom update will have the option to update to the latest, jailbroken version of iOS 18 or iOS 26.
This unusual move comes a few weeks after Google Threat Intelligence Group (GTIG), iVerify, and Lookout shared details of an iOS device called DarkSword that was used in a cyber attack that targeted users in Saudi Arabia, Turkey, Malaysia, and Ukraine from July 2025. The device is able to target iOS and iPadOS devices running versions between iOS 18.7.4.
The attack begins when a user using a vulnerable device visits a legitimate but compromised website that runs malicious code as part of a so-called waterhole attack. Once launched, attacks have been found to install backdoors and dataminers for persistent access and information theft.
It is currently unknown how the sophisticated hacking tool was shared by multiple threat actors. A new version of the kit has been released on the GitHub site, raising concerns that more actors may jump to the exploit plan.
The discovery also highlights that powerful spyware on iPhones may not be as rare as previously thought, and that they could be attractive tools for mass exploitation.
Starting last week, Apple began providing Lock Screen notifications on iPhones and iPads running older versions of iOS and iPadOS to warn users of web-based attacks and encourage them to install the latest software.
Proofpoint and Malfors also revealed that a Russian-linked threat actor known as COLDRIVER (aka TA446) used the DarkSword kit to deliver the GOSTBLADE data-stealing malware in attacks targeting government, think tank, higher education, finance and law enforcement agencies.
“DarkSword silently steals a lot of data because the user has now visited a real (but compromised) website,” Rocky Cole, co-founder and COO at iVerify, said in a statement shared with The Hacker News. “At least Apple has agreed with the security community’s assessment that this poses a clear and present threat to devices that remain unpatched to earlier versions of iOS, which about 20% of people still run.”
“Leaving those users exposed can be a difficult decision to defend, especially for a company that puts its name on security and privacy. Rolling back patches to older versions of iOS seems like the least they can do instead of providing a security plan for outside developers. The truth is that patching is too late when 0 days are involved, and the add-on market is growing.”
#Apple #Adds #iOS #18.7.7 #Update #Devices #Prevent #Dark #Spear