{"id":469,"date":"2026-04-02T08:25:54","date_gmt":"2026-04-02T08:25:54","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=469"},"modified":"2026-04-02T08:25:54","modified_gmt":"2026-04-02T08:25:54","slug":"apple-expands-ios-18-7-7-update-to-more-devices-to-block-darksword-exploit","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=469","title":{"rendered":"Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Apr 02, 2026<\/span><\/span><span class=\"p-tags\">Mobile Security \/ Vulnerability<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhOPIq2XjzxLFTE4iwZWuKsLifOBVn0sVZv2vDEl0D3eXsyiW8ePJH7ukb29zq7gb7-7fJy8WjCRC5e-sYoMLXT4ZE-12llaj0H76qjygPmEl7cuGiC4jrLaMdDX5M55YsuYhdtbn8k5gCosH-JwHU3H-b7ho_5Lvg4pjoKf2Lz39lOumTGuxldWK1YQvfJ\/s1700-e365\/apple-update.jpg\" style=\"clear: left; display: block; float: left;  text-align: center;\"><\/a><\/div>\n<p>Apple\u00a0on\u00a0Wednesday <a href=\"https:\/\/support.apple.com\/en-us\/126793\">expanded<\/a> the availability of iOS 18.7.7\u00a0and iPadOS 18.7.7\u00a0to a broader range of devices to protect users from the risk posed by a recently disclosed exploit kit known\u00a0as DarkSword.<\/p>\n<p>\u00abWe enabled the availability of iOS 18.7.7\u00a0for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called DarkSword,\u00bb the company said. \u00abThe fixes associated with the DarkSword exploit first shipped in\u00a02025.\u00bb<\/p>\n<p>The\u00a0update is available for the following devices\u00a0&#8211;<\/p>\n<ul>\n<li>iPhone XR, iPhone XS, iPhone XS Max, iPhone 11 (all models), iPhone SE (2nd generation), iPhone 12 (all models), iPhone 13 (all models), iPhone SE (3rd generation), iPhone 14 (all models), iPhone 15 (all models), iPhone 16 (all models), and iPhone 16e<\/li>\n<li>iPad mini (5th generation &#8211; A17 Pro), iPad (7th generation &#8211; A16), iPad Air (3rd &#8211; 5th generation), iPad Air 11-inch (M2 &#8211; M3), iPad Air 13-inch (M2 &#8211; M3), iPad Pro 11-inch (1st generation &#8211; M4), iPad Pro 12.9-inch (3rd &#8211; 6th generation), and iPad Pro 13-inch (M4)<\/li>\n<\/ul>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/vpn-risk-report-inside-d\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgWajeG0cdaapf1GKTZRUZUB7BzuYGegyw5k0eAorJXlmkFdYCCeLXXhXYJuXU9lWD33rV6rRnIyly3czoNfYifpxk1eGA5slItPmim3HkubXoQMgC4J7hdQPywxGbWq7Eqeff_o6s2Fq-WmSFd5guwdLn7IqpveMqULqtVnd-ndnljWYGj45EkMFB7m0qm\/s728-e100\/z-d.jpg\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>The\u00a0latest update aims to cover devices that have the capability to update to iOS 26 but are still on older versions. Apple\u00a0first released iOS 18.7.7\u00a0and iPadOS 18.7.7\u00a0on March 24, 2026, but only for iPhone XS, iPhone XS Max, iPhone XR, and iPad 7th generation.<\/p>\n<p>Last\u00a0month, the company\u00a0also urged users to\u00a0update older devices to iOS 15.8.7, iPadOS 15.8.7, iOS 16.7.15, and iPadOS 16.7.15\u00a0to address some of the exploits that were used in DarkSword and another exploit kit\u00a0called Coruna.\u00a0<\/p>\n<p>While\u00a0Apple is known to backport fixes for older devices depending on the criticality of the vulnerabilities, the move to allow iOS 18 users to patch their devices without having to update to the latest operating system version marks an unusual departure for the tech\u00a0giant.<\/p>\n<p>In\u00a0a\u00a0statement <a href=\"https:\/\/www.wired.com\/story\/apple-will-push-out-rare-backported-patches-to-protect-ios-18-users-from-darksword-hacking-tool\/\">shared<\/a> with WIRED, an Apple spokesperson said it was expanding the update to more devices to help them stay protected. Users\u00a0who do not have auto-update enabled will have the option to either update to the latest, patched version of iOS 18 or to iOS\u00a026.<\/p>\n<p>The\u00a0rare step comes weeks after Google Threat Intelligence Group (GTIG), iVerify, and Lookout shared details of an iOS exploit kit called DarkSword that has been put to use in cyber attacks targeting users in Saudi Arabia, Turkey, Malaysia, and Ukraine since July 2025. The\u00a0kit is capable of targeting iOS and iPadOS devices running versions between iOS 18.4\u00a0and\u00a018.7.<\/p>\n<p>The\u00a0attack gets triggered when a user running a vulnerable device visits a legitimate-but-compromised website that hosts the malicious code as part of what&#8217;s called a watering hole attack. Once\u00a0launched, the attacks have been found to deploy backdoors and a dataminer for persistent access and information\u00a0theft.\u00a0<\/p>\n<p>It&#8217;s currently not known how the advanced hacking tool came to be shared by multiple threat actors. A\u00a0newer version of the kit has since been leaked on the code-sharing site GitHub, fueling concerns that more threat actors could jump on the exploitation bandwagon.<\/p>\n<p>The\u00a0discovery also highlights that powerful spyware for iPhones may not be as rare as previously thought, and that they could become attractive tools for mass exploitation.<\/p>\n<p>As\u00a0of last week,\u00a0Apple began\u00a0issuing Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the latest\u00a0updates.<\/p>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/fast-response-not-fast-d\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjgi9mu68zRUz1nCLLKmkAA2aBtNfP_JOTXulZoB6yImso1Onk7oM_LI0kdROu8fq5S5oDyMtd1j50W44Ye_8Sl3zQZiE8A9tmFr6kejGKjGh74uoxluF-RyBq_unDQlzjXZHCqQeuYXBoogda5zf0w-zXd6v0rIM7fEw6TcFf_QGWBu5Mop-djkEaOUa5A\/s728-e100\/tl-d.jpg\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>Proofpoint and Malfors also revealed that another Russia-linked threat actor known as COLDRIVER (aka TA446)\u00a0has exploited the DarkSword kit to deliver the GHOSTBLADE data stealer malware in attacks targeting government, think tank, higher education, financial, and legal\u00a0entities.<\/p>\n<p>\u00abDarkSword silently steals vast amounts of user data purely because the user Now visited a real (but compromised) website,\u00bb Rocky Cole, co-founder and COO at iVerify, said in a statement shared with The Hacker News. \u00abApple has at least agreed with the security community&#8217;s assessment that this presents a clear and present threat to devices that remain unpatched on earlier versions of iOS, which roughly 20% of people are still\u00a0running.\u00bb<\/p>\n<p>\u00abLeaving those users exposed would be a hard decision to defend, particularly for a company that centers its brand around security and privacy. Backporting patches to older iOS versions seems like the least they can\u00a0do in lieu\u00a0of providing a security framework for outside developers. The\u00a0fact is that patching is too little too late when 0-days are involved, and the exploit market is\u00a0booming.\u00bb<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802Apr 02, 2026Mobile Security \/ Vulnerability Apple\u00a0on\u00a0Wednesday expanded the availability of iOS 18.7.7\u00a0and iPadOS 18.7.7\u00a0to a broader range of devices to protect users from the risk posed by a&hellip;<\/p>\n","protected":false},"author":1,"featured_media":470,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1028,618,1009,752,175,206,120,428,1029],"class_list":["post-469","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-18-7-7","tag-apple","tag-block","tag-darksword","tag-devices","tag-expands","tag-exploit","tag-ios","tag-update"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/469","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=469"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/469\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/470"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=469"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=469"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=469"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}