Apple has expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to more devices to protect users from the DarkSword exploit kit, a hacking tool used in targeted cyber-attacks.
The update allows devices still running iOS 18 to receive security patches without upgrading to the latest operating system.
The security fixes included in the update were originally released in 2025, but Apple broadened access on April 1, so more users could automatically receive protections against web-based attacks linked to DarkSword.
The exploit targets devices running iOS versions between 18.4 and 18.7 and can deploy malware when a user visits a compromised website in a watering hole attack.
Devices Now Eligible For the Update
The expanded update covers a wide range of iPhones and iPads that remain on iOS 18. Eligible devices include:
-
iPhone XR through iPhone 16 models
-
iPhone SE (2nd and 3rd generation)
-
Multiple iPad mini, iPad Air and iPad Pro models
-
iPad (7th generation)
Users with automatic updates enabled will receive the patch automatically, while others can manually update to the patched iOS 18 version or upgrade to iOS 26.
DarkSword Exploit and Ongoing Attacks
Security researchers revealed that the DarkSword exploit kit has been used in cyber attacks since July 2025, which have targeted users in several countries.
The exploit uses six vulnerabilities and has been linked to multiple threat actors, including surveillance vendors and suspected espionage groups. Attacks have deployed several data-stealing tools, including GhostBlade, GhostKnife and GhostSaber malware.
"DarkSword silently steals vast amounts of user [data] purely because the user visited a real (but compromised) website," Rocky Cole, co-founder and COO at iVerify, said.
"Apple has at least agreed with the security community's assessment that this presents a clear and present threat to devices that remain unpatched on earlier versions of iOS."
Read more on mobile security threats: Android OS-Level Attack Bypasses Mobile Payment Security
Researchers also warned that the exploit kit was leaked on GitHub, raising concerns that more attackers could begin using it. The attacks can install backdoors and steal sensitive information once a device is compromised.
Apple Takes Unusual Step With Older OS Updates
Apple typically stops delivering updates to older operating systems once new versions are released.
However, this update allows users who remain on iOS 18 to continue receiving critical security patches, rather than forcing a full operating system upgrade.
"The combination of its reliability and accessibility is likely why Apple decided to backport the patch," Vincenzo Iozzo, CEO and co-founder at SlashID, said. "[Still], this leaves a significant portion of the customer base vulnerable."
Apple has also begun sending lock screen notifications to users running older software, urging them to install the latest security updates to protect their devices from active threats.