iOS 18.7.7 Update - Shields Users from DarkSword Exploit

In short, Apple updated older iPhones to fix a serious security flaw that attackers could use to steal personal information.
Apple has expanded the iOS 18.7.7 update to more devices to combat the DarkSword exploit. This critical update protects millions of users from data theft. Users are urged to update their devices to ensure their security.
What Happened
On April 1, 2026, Apple made a significant move by expanding the availability of the iOS 18.7.7 and iPadOS 18.7.7 updates. This decision was made to protect users from the DarkSword exploit, a sophisticated attack capable of silently stealing sensitive information. The update was initially released on March 24, 2026, but was extended to cover a broader range of devices, a rare policy shift for Apple.
The Flaw
DarkSword is a fully weaponized iOS exploit kit that targets devices running iOS 18.4 through 18.7. It leverages a chain of six vulnerabilities, including flaws in JavaScriptCore, dyld, and the iOS sandbox. The chain allows attackers to execute code at the kernel level without any user interaction beyond visiting a malicious website. Once activated, DarkSword can exfiltrate various types of sensitive data, including passwords, messages, and even health information.
What's at Risk
The vulnerabilities exploited by DarkSword pose a significant risk to approximately 20% of users still on iOS 18. This includes millions of devices, particularly older models like the iPhone XR through iPhone 16e and various iPad models. The toolkit was first identified in active campaigns as early as November 2025, and a public leak on GitHub in March 2026 has made it easier for less sophisticated attackers to use it.
Patch Status
The iOS 18.7.7 update includes patches for over 20 vulnerabilities, addressing critical system components. Some notable CVEs include:
- CVE-2026-28865: An authentication flaw that could allow attackers to intercept network traffic.
- CVE-2026-20687: A use-after-free bug in the kernel that could lead to unexpected system behavior.
- Multiple vulnerabilities in WebKit that could enable cross-site scripting and other attacks.
Apple has backported these patches from previous updates to ensure that users on older versions are protected.
Recommended Actions
Users with Automatic Updates enabled will receive the iOS 18.7.7 update automatically. For those who do not have this feature turned on, it is crucial to manually check for updates. Additionally, Apple recommends upgrading to iOS 26.3 or later for comprehensive long-term protection against all DarkSword-related vulnerabilities. Users can also enable Lockdown Mode for enhanced security, especially if they are at higher risk.
This proactive approach by Apple highlights the importance of keeping devices updated, especially when facing sophisticated threats like DarkSword. By expanding the availability of critical updates, Apple is taking steps to protect its users and mitigate potential risks associated with outdated software.