Apple has pushed a security update to older iPhones and iPads, releasing iOS 18.7.7 and iPadOS 18.7.7 to allow a broader range of devices to “receive important security protections from web attacks called DarkSword,” the company said in an announcement.
DarkSword is a hacking toolkit that can break into Apple devices running iOS 18.4 through 18.7 when a user visits a website hosting the malicious code, including legitimate sites that have been breached; the exploits can steal messages, browser histories, location data and cryptocurrency and upload that data to servers controlled by attackers.
Related reading
- Meta loses two jury trials over failure to police platform harms as internal research becomes liability
- Apple issues iOS 18 security update for older iPhones
- Apple buys Polish video editing plug-in maker MotionVFX in push to challenge Adobe
Security researchers have observed the tools in attacks against users in China, Malaysia, Turkey, Saudi Arabia and Ukraine, and they warn that publication of the toolkit online means anyone can now use it to target older unpatched devices. Apple said users running its latest software, iOS 26, were protected weeks ago and that it had already issued a separate update for iOS 18 users whose devices cannot run iOS 26.
With this release, Apple has provided DarkSword fixes for the millions of users who can update to iOS 26 but have chosen not to, some of whom have avoided the update to sidestep the software’s new “liquid glass” interface, the company said. Apple said customers with automatic software updates enabled should receive the new software, and the firm added that its optional Lockdown Mode also defends against DarkSword; the company told TechCrunch last week that it is unaware of any successful government spyware attack against an Apple device running Lockdown Mode.
The recap
- Apple releases iOS 18.7.7 and iPadOS 18.7.7 updates.
- DarkSword targets devices running iOS 18.4 through 18.7.
- Users with automatic updates should receive the software.
