Apple Releases Emergency iOS 18.7.7 Security Patch to Counter DarkSword Exploit

Summary

Apple has released iOS 18.7.7 and iPadOS 18.7.7 security updates to address the DarkSword exploit, a critical vulnerability that allows attackers to take over iPhones when users visit websites containing malicious code. The update is being rolled out to iPhone XS, XR, and other compatible devices, marking an unusual move for Apple as the company typically uses security fixes to incentivize upgrades to the latest OS version. DarkSword has already been weaponized by hacker groups targeting users in Malaysia, Saudi Arabia, Turkey, and Ukraine, and the exploit kit's public availability on GitHub has amplified the security threat.

While devices running iOS 26 already have built-in protection against DarkSword, Apple is providing the patch to iOS 18 users who have opted not to upgrade, recognizing the severity of the vulnerability. The company continues to encourage users on supported devices to upgrade to iOS 26 for enhanced overall protection. This departure from Apple's typical security strategy underscores the critical nature of the threat posed by the widely-available exploit.

• iOS 26 devices already have DarkSword protection, but Apple is extending patches to iOS 18 holdouts

Editorial Opinion

Apple's unprecedented decision to patch iOS 18 reflects the severity and reach of the DarkSword exploit—a rare acknowledgment that security updates are more critical than upgrade momentum in certain circumstances. The public availability of the exploit kit on GitHub has fundamentally shifted the threat landscape, making it essential for Apple to protect legacy device users. However, this move also highlights the ongoing security challenges of maintaining multiple OS versions and the need for users to adopt a more aggressive update cadence for protection against emerging threats.