
Apple widens iPhone patch against DarkSword

Apple has broadened the release of iOS 18.7.7 and iPadOS 18.7.7 in an unusual security move aimed at shielding iPhone and iPad users from DarkSword, a web-based exploit chain that researchers say has been used by multiple threat actors and can compromise devices through malicious or hacked websites. The company first issued the software on March 24, 2026, and expanded availability on April 1 so more users with Automatic Updates enabled could receive the protections without waiting for a full operating system upgrade.

The update matters because Apple is not only patching older hardware, but also extending protection to many devices capable of running its newer software while they remain on iOS 18. Apple’s security advisory lists coverage for models from the iPhone XR, XS and XS Max through the iPhone 16 line and 16e, along with a broad range of iPads including later iPad Air, iPad Pro and iPad mini models. That breadth signals a wider attempt to close exposure among users who have not moved to the latest major release but still face an active web-borne threat.

DarkSword itself has drawn attention because of how it spreads and who appears to be using it. Google Threat Intelligence Group said on March 18 that it had identified DarkSword as a full-chain iOS exploit leveraging multiple zero-day flaws, and said it had observed the tool in use since at least November 2025 by commercial surveillance vendors and suspected state-backed actors in separate campaigns. Reports from the cyber security sector indicate the exploit chain can be delivered when a target visits a malicious website, allowing intruders to extract messages, browsing history, location data and other sensitive material.

Apple has not publicly framed the release in dramatic terms, but its advisory makes clear that web security is central to the fix. The bulletin describes several WebKit-related weaknesses, including flaws that could allow maliciously crafted web content to bypass the Same Origin Policy, defeat Content Security Policy enforcement, or access script message handlers meant for other origins. Those are the sort of browser and rendering weaknesses that can turn a simple web visit into the opening step of a deeper intrusion.

What makes the rollout notable is the change in Apple’s normal practice. The company stated that it enabled iOS 18.7.7 for more devices on April 1 so users with Automatic Updates turned on could automatically receive protection from web attacks called DarkSword. Coverage by specialist technology publications has characterised the move as a rare backport of protections to users who stayed on iOS 18 despite owning hardware that could upgrade further, reflecting pressure on vendors to secure holdout devices when a threat is already circulating in the wild.

That policy shift is significant beyond Apple’s immediate customer base. Mobile security researchers have long argued that the gap between the latest supported operating system and the version many users actually run creates a window that attackers can exploit. Some consumers delay major updates because of app compatibility, enterprise software requirements, storage limits or plain preference. By broadening 18.7.7 instead of insisting that all eligible users jump straight to the newest platform, Apple appears to be recognising a more fragmented reality in the device ecosystem.

There is also an important nuance in Apple’s own wording. The support note says the fixes associated with the DarkSword exploit first shipped in 2025, suggesting that parts of the defensive work had already appeared in other branches of the company’s software. What changed now was the decision to make those protections more widely available to users still on the iOS 18 track. That helps explain why the company could move quickly to extend the patch once the threat gained wider public attention.