Apple has expanded the distribution of iOS 18.7.7 and iPadOS 18.7.7 to a wider selection of hardware to protect users against the DarkSword exploit kit. This unusual move allows individuals using older software versions to patch critical security vulnerabilities without being forced to upgrade to the newest major operating system.
Apple recently increased the availability of iOS 18.7.7 and iPadOS 18.7.7 to include a vast range of devices, extending from the iPhone XR to the most current iPhone 16 models and various iPad generations. This rollout aims to shield users from the DarkSword exploit kit, a set of malicious tools first identified in 2025. While the security patches were initially limited to a few older models, the tech giant is now offering these fixes to any device capable of running iOS 18, even if the user has not yet transitioned to iOS 26.
The DarkSword kit has been utilized by various threat actors to target users across several countries through compromised websites in what are known as watering hole attacks. Once a person visits a booby-backed site, the kit can deploy backdoors and data-mining software to steal personal information. Security researchers have noted that the kit is effective against devices running versions between iOS 18.4 and 18.7, making this wide-scale patching effort a priority for maintaining user privacy.
This specific update strategy marks a departure from Apple's standard protocol, as the company typically encourages users to move to the latest major operating system to receive the most current security benefits. By backporting these specific fixes to the iOS 18 branch, Apple is acknowledging the severity of the threat and the fact that a significant portion of its user base remains on older software. Notifications are now appearing on lock screens to warn users of potential web-based attacks and to prompt immediate installation.
The urgency behind these updates has been amplified by reports that the exploit kit has been leaked on public platforms like GitHub, potentially allowing more hackers to use it. Organizations like the Google Threat Intelligence Group and iVerify have tracked the kit's use in sophisticated cyberattacks, including campaigns by the Russia-linked group COLDRIVER. These attackers have used the kit to deliver data-stealing malware to targets in government, finance, and higher education sectors.
Security experts suggest that the discovery of DarkSword indicates that high-level spyware targeting mobile devices may be more common than previously assumed. While Apple has previously urged updates for even older operating systems like iOS 15 and 16, this latest push highlights the ongoing battle against professional-grade hacking tools. For most users, enabling automatic updates remains the most effective defense against these evolving digital threats.
Source: https://www.wired.com/story/apple-will-push-out-rare-backported-patches-to-protect-ios-18-users-from-darksword-hacking-tool/