On April 1, 2026, Apple expanded the reach of its iOS 18.7.7 and iPadOS 18.7.7 updates to include a wider array of devices, aiming to shield users from the DarkSword exploit. This critical security update is designed to protect millions of users still operating on iOS 18, who are vulnerable to this complex, web-based exploit capable of covertly exfiltrating sensitive user data.
Understanding the DarkSword Threat
Originally identified in November 2025 by Google’s Threat Intelligence Group alongside iVerify and Lookout, DarkSword is a sophisticated iOS exploit kit. It targets devices running iOS versions 18.4 through 18.7, exploiting six distinct vulnerabilities. These include flaws in JavaScriptCore, dyld, and the iOS sandbox, enabling attackers to execute full kernel-level code without user interaction beyond visiting a compromised website.
Once activated, DarkSword rapidly extracts passwords, messages, browsing history, location information, cryptocurrency wallet contents, and even Apple Health data before erasing evidence of its presence.
Public Exposure and Increased Threat
The threat posed by DarkSword intensified in March 2026, following its public leak on GitHub, which simplified its use for less experienced malicious actors. Commercial surveillance firms and alleged state-sponsored entities had already utilized it against targets in countries like Saudi Arabia, Turkey, Malaysia, and Ukraine.
In response, Apple initially released iOS 18.7.7 on March 24, 2026, and broadened its availability on April 1, 2026, highlighting the urgency of mitigating the DarkSword threat.
Security Measures and Recommendations
This update marks a significant policy shift for Apple, which typically requires users to adopt the latest iOS versions to receive security fixes. Now, approximately 20% of iOS 18 users can receive critical patches originally developed in 2025.
The update addresses over 20 vulnerabilities across key system components, including:
- 802.1X authentication flaws (CVE-2026-28865)
- Kernel vulnerabilities (CVE-2026-20687, CVE-2026-28867, CVE-2026-28868)
- Security Framework permissions issues (CVE-2026-28864)
- WebKit bugs allowing cross-site scripting and other attacks (CVE-2026-28861, CVE-2026-20643, CVE-2026-20665, CVE-2026-28871)
- AppleKeyStore and CoreMedia flaws (CVE-2026-20637, CVE-2026-20690)
The update is available for a wide range of devices, from the iPhone XR to the iPhone 16e, and various iPad models. Devices with Automatic Updates enabled will receive the update automatically.
For users at higher risk, Apple’s Lockdown Mode offers additional protection against DarkSword. However, for comprehensive long-term security, Apple advises upgrading to iOS 26.3 or later, where all DarkSword-related issues are fully resolved.
Stay informed with our cybersecurity updates by following us on Google News, LinkedIn, and X. Contact us to share your stories.
