Apple releases iOS 18.7.7 to block DarkSword, and these iPhone users need to update immediately

Apple has released iOS 18.7.7 and iPadOS 18.7.7 to shield a much larger group of iPhone and iPad users from DarkSword—a hacking toolkit that can quietly ransack a device just from a website visit.

The update is notable for who it covers: millions of users on iOS 18 who own hardware capable of running iOS 26 but have chosen not to upgrade. They've been sitting exposed for two weeks. That changes now.Users with automatic updates enabled get the patch without lifting a finger. Everyone else can update to either iOS 18.7.7 or iOS 26, though Apple would clearly prefer the latter.DarkSword targets iPhones and iPads running iOS 18.4 through 18.7.

Landing on a compromised website—even a legitimate one that's been quietly hacked—is enough. The toolkit then moves fast: messages, call history, browser data, Wi-Fi passwords, location history, and cryptocurrency wallet contents all get siphoned off to a remote server. Researchers at Lookout estimated the entire dwell time on a device at just a few minutes.

It doesn't stick around.

Is your iPhone protected from DarkSword? Here's how to check

Head to Settings > General > Software Update. Install iOS 18.7.7 if it's available, or upgrade to iOS 26.

Apple has also confirmed that Lockdown Mode blocks DarkSword—worth enabling if you're in a higher-risk category.

Apple changed its own security update policy

Apple has long held a simple line on iOS security: update to the latest version, or accept the risk. Backporting fixes to older versions of iOS—especially for devices capable of running the newest one—just wasn't something it did. That's changed twice in the span of a month. Earlier, Apple pushed patches to iOS 17 users to address Coruna, a separate but related hacking toolkit.

Now it's doing the same for iOS 18. Wired reported Apple was preparing the update earlier on Wednesday.The shift matters because the number of iOS 18 holdouts is not small. According to Apple's own data, roughly a quarter of all iPhone and iPad users hadn't upgraded to iOS 26 as of February. Rocky Cole, co-founder of mobile security firm iVerify, noted that not everyone staying on iOS 18 is being stubborn—some rely on apps incompatible with iOS 26, others are resisting age verification features Apple added in the UK, and some simply don't have enough storage to run the update.

DarkSword went from spy tool to open-source hacking kit in days

The pressure to act built quickly. When researchers at Google, iVerify, and Lookout first detailed DarkSword in mid-March, Apple issued patches only for devices too old to run iOS 26. Days later, a newer version of the toolkit appeared on GitHub—unobfuscated HTML and JavaScript with developer comments still intact, explaining exactly how to use it. A security hobbyist confirmed they were able to compromise an iPad mini running iOS 18 with the leaked sample.

No iOS expertise needed.Google's Threat Intelligence Group tracked DarkSword campaigns across Saudi Arabia, Turkey, Malaysia, and Ukraine. A Russian hacker group tied to the FSB was also confirmed to be running phishing campaigns using the tool.