Apple releases critical update for older iPhones, blocking DarkSword attacks
What's the story
Apple has released a critical security update for its older iPhone and iPad models. The new software, dubbed iOS 18.7.7 and iPadOS 18.7.7, is aimed at protecting users from a growing threat targeting Apple users on older devices. The move comes after security researchers warned that the leaked DarkSword toolkit could be easily used by hackers to exploit vulnerable devices.
Security risk
DarkSword toolkit can compromise devices by merely visiting a website
The DarkSword toolkit is a hacking tool that can compromise Apple devices running iOS 18.4 to 18.7 simply by visiting a website hosting the malicious code. The exploits steal personal data such as messages, browser histories, location data, and cryptocurrency from the device and upload it to a server controlled by hackers. The toolkit has already been used in attacks against users in China, Malaysia, Turkey, Saudi Arabia, and Ukraine.
Update rollout
Updates available via Apple's security releases page
Apple has made iOS 18.7.7 and iPadOS 18.7.7 available on April 1 via its security releases page. The updates bring critical protections against web-based attacks linked to DarkSword for a wider range of Apple devices. These fixes were first introduced in 2025 but are now being extended to more devices, including those running the latest iOS version (iOS 26) and those that haven't upgraded yet due to interface changes like Liquid Glass.
Spyware details
DarkSword exploits multiple undiscovered vulnerabilities to steal data
The DarkSword spyware is a full-chain exploit that uses multiple undiscovered vulnerabilities to take complete control of devices. It was recently released as a toolkit on code-sharing platforms, chaining together several bugs to go from a webpage to full access of the phone. Security researchers say DarkSword is designed to steal sensitive data from compromised devices such as contacts, messages, call history and iOS Keychain data including passwords and other credentials.