Apple has now made it possible for most iPhones running iOS 18 to receive updates that protect against the DarkSword exploit kit.
“We enabled the availability of iOS 18.7.7 on more devices on April 1, 2026, so that users with automatic updates turned on can automatically receive critical protection against a web attack called DarkSword,” reads a note in the iOS 18.7.7 security patch update.
“Fixes related to the DarkSword exploit were first shipped in 2025.”
In March, researchers from Lookout, Verify, and Google Threat Intelligence revealed a new “DarkSword” kit targeting iPhones running iOS 18.4 to 18.7.
The six vulnerabilities used by the DarkSword exploit kit are tracked as CVE-2025-31277, CVE-2025-43529, CVE-2026-20700, CVE-2025-14174, CVE-2025-43510, and CVE-32520-325.
While iOS is often used in highly targeted spyware campaigns, this iOS exploit kit has been used more widely, including by Turkish commercial vendor PARS Defense, a threat actor tracked as UNC6748, and a suspected Russian spy group tracked as UNC6353.
In this attack, GTIG saw three different families of information-stealing malware installed on victims’ devices: a very aggressive JavaScript infostealer called GhostBlade, the GhostKnife backdoor, and the GhostSaber JavaScript malware, which can execute code and steal data.
Since July 2025, with the release of iOS 18.6, Apple has been fixing bugs as they are revealed in security updates pushed to compatible devices.
Source: GTIG
However, at the end of 2025, Apple stopped providing iOS 18 updates to new devices capable of running the new iOS 26.
For those who decided not to upgrade and stay on iOS 18, the availability of security updates has been limited, as new devices no longer receive patches for the DarkSword vulnerability released in 2026.
Since then, only a small number of devices remained able to receive iOS 18 updates, and the last update of 18.7.6 was given only to iPhone XS, iPhone XS Max, and iPhone XR devices.
To make matters worse, a researcher released the DarkSword exploit kit on GitHub last month, making it accessible to other malicious actors who wanted to target older iPhones.
Today, Apple released iOS 18.7.7 to make it available to many devices that want to stay on the old operating system while remaining protected from the latest threats.
Devices eligible to receive the new update now include iPhone XR, iPhone XS, iPhone XS Max, iPhone 11 (all models), iPhone SE (second generation), iPhone 12 (all models), iPhone 13 (all models), iPhone SE (third generation), iPhone 14 (all models), iPhone 15 (all models), iPhone 16 (all generations), iPad7th generation, iPad7th mini7 – A16), iPad Air (third – 5th generation), iPad Air 11-inch (M2 – M3), iPad Air 13-inch (M2 – M3), iPad Pro 11-inch (first generation – M4), iPad Pro 12.9-inch (3rd – 6th generation), and iPad Pro 13-inch (M4).
iPhone users still running iOS 18 with automatic updates enabled will now get the latest version and protection against the DarkSword exploit kit.
Automatic logging proves that the path exists. BAS proves that your controls are stopping you. Many teams run without each other.
This white paper outlines six areas of validation, indicates where coverage ends, and provides clinicians with three diagnostic questions for any screening tool.
