Apple has pushed an unusual security update to iPhones and iPads still running iOS 18, expanding protection against a web-based hacking toolkit known as DarkSword that has already been used to compromise devices across multiple countries.
The update, iOS 18.7.7 and iPadOS 18.7.7, allows a broader range of devices to receive protection from DarkSword, a toolkit that can break into an iPhone when a user simply visits a compromised website. The exploits steal device data including messages, browser history, location data, and cryptocurrency, and upload it to attacker-controlled servers.
The rollout happened in two waves. On March 24, the update first went out to devices that cannot run iOS 26 at all — including the iPhone XS, XS Max, XR, and 7th-generation iPad. On April 1, Apple extended the same update to all compatible iPhones and iPads that support iOS 26 but have not yet been upgraded.
How to install the update:
iPhone users can install the update by opening Settings, going to General, and selecting Software Update. Apple continues to encourage all users with supported devices to upgrade to iOS 26 for the most comprehensive protections available. Apple also confirmed that its optional Lockdown Mode feature defends against DarkSword attacks and said it is unaware of any successful government spyware attack against a device running Lockdown Mode.
All about DarkSword:
DarkSword is not a conventional piece of malware. It is a ready-made attack toolkit built to exploit specific weaknesses in Apple’s mobile software — and it requires almost no technical skill to deploy.
Any iPhone or iPad running iOS 18.4 through 18.7 is at risk. The attack does not need a suspicious app download or a phishing link. A user simply needs to land on a website carrying the malicious code — and that includes entirely legitimate sites that have been quietly compromised without their owners knowing. From that single page visit, DarkSword takes over.
Once inside a device, the toolkit goes straight for high-value data. Text messages, web browsing history, precise location records, and stored cryptocurrency are all within its reach. Everything it pulls is sent directly to servers controlled by the attackers, silently and with no visible sign on the victim’s screen.
