Apple has expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices, aiming to protect users from the DarkSword exploit kit that has been actively used in cyberattacks since mid-2025. The move underscores Apple’s unusual but necessary decision to backport fixes to older iOS versions, ensuring wider coverage against a persistent threat.
What’s New
- Expanded device coverage: Now available for iPhone XR through iPhone 16e and multiple iPad generations, including iPad Air and iPad Pro models.
- Automatic updates: Users with auto-update enabled will receive protections seamlessly.
- Manual option: Those without auto-update can choose to install iOS 18.7.7 or upgrade to iOS 26.
The DarkSword Threat
- Exploit kit origins: First disclosed in 2025, targeting iOS versions between 18.4 and 18.7.
- Attack method: Watering hole attacks via compromised legitimate websites.
- Payloads: Backdoors and dataminers for persistent access and information theft.
- Targets: Users in Saudi Arabia, Turkey, Malaysia, and Ukraine.
- Recent activity: Russia-linked group COLDRIVER (TA446) leveraged DarkSword to deliver GHOSTBLADE stealer malware against government, think tank, financial, and legal entities.
Why Apple’s Move Matters
- Unusual backporting: Apple typically pushes users to the latest OS, but here it expanded protections to older iOS 18 builds.
- Security-first branding: Leaving ~20% of users unpatched would undermine Apple’s reputation for privacy and security.
- Industry concern: The leak of newer DarkSword versions on GitHub raises fears of mass adoption by additional threat actors.
Defensive Guidance
- Update immediately: Install iOS 18.7.7 or iOS 26 to block DarkSword exploits.
- Enable auto-updates: Ensure devices receive patches without delay.
- Monitor alerts: Apple has begun issuing Lock Screen notifications to warn users of web-based attacks.
- Stay vigilant: Treat legitimate websites as potential watering hole vectors, since they can be compromised.
Final Thought
Apple’s decision to broaden the rollout of iOS 18.7.7 reflects the seriousness of the DarkSword exploit kit. With advanced spyware now spreading beyond niche use cases, patching older devices is no longer optional — it’s essential. The lesson is clear: in the age of leaked exploit kits and booming 0-day markets, timely updates are the frontline defense.