Apple Just Rescued Old iPhones From a Dangerous Spyware Tsunami

Apple has pushed a critical iOS 18.7.7 update to a wide range of older iPhones to defend against the widespread DarkSword exploit kit, which has been used by spyware vendors and espionage groups since 2025. The move reverses a decision that left many users unprotected simply because they hadn't upgraded to newer iOS versions.

Key Takeaways

• Apple is now pushing iOS 18.7.7 to many older iPhones that were previously excluded from updates
• The DarkSword exploit kit has been actively used since 2025 by spyware vendors and state-linked hackers
• Six critical vulnerabilities allowed attackers to steal data via malicious websites
• A public release of the exploit code forced Apple to act to protect holdout iOS 18 users
• iPhones from the XR all the way up to the 16e are now covered by the security patch

In This Article

• The DarkSword Threat: Not Just Another iPhone Exploit
• How DarkSword Hijacks Your iPhone
• Why Apple Suddenly Changed Course
• Which iPhones Finally Get Protection?

The DarkSword Threat: Not Just Another iPhone Exploit

Forget your usual stealthy spyware campaign — DarkSword isn't playing small. This exploit kit has been making waves not just for its sophistication, but for how widely it's been deployed. Unlike most iOS attacks that target a handful of high-profile individuals, DarkSword went broad, hitting everyday users through compromised websites.

• DarkSword targets devices via drive-by downloads — no clicks needed, just visiting a malicious page can trigger infection
• It weaponizes six zero-day flaws in iOS 18.4 to 18.7, allowing near-total device takeover
• Security firms linked the attacks to PARS Defense, a Turkish surveillance tech provider, and two hacker groups: UNC6748 and the suspected Russian-backed UNC6353

How DarkSword Hijacks Your iPhone

So what makes DarkSword so dangerous? It's not one flaw, but a chain of six vulnerabilities working together to sneak past Apple's defenses. Once inside, it deploys nasty malware that spies, steals, and gives attackers remote control.

• CVE-2025-31277 and others in the chain bypass iOS memory protection, letting hackers run unauthorized code
• Attackers used GhostBlade, a JavaScript stealer, to harvest passwords, messages, and browsing data
• GhostKnife and GhostSaber malware followed, enabling long-term spying and command execution on infected devices

Why Apple Suddenly Changed Course

Back in late 2025, Apple stopped issuing iOS 18 updates for devices capable of running iOS 26 — a standard practice to push users toward newer, more secure systems. But that left millions stuck on iOS 18 exposed, especially after a researcher leaked the full DarkSword toolkit online.

• Only iPhone XS, XS Max, and XR were getting updates before today, leaving newer-but-not-latest phones vulnerable
• The public release of DarkSword on GitHub made it easy for criminals to launch their own attacks
• Apple’s reversal shows how serious the threat became — even 'older' iPhones are still in wide use and worth protecting

Which iPhones Finally Get Protection?

Good news: Apple’s iOS 18.7.7 update now rolls out to a massive list of devices, many of which were deliberately cut off from security patches just months ago. If you’re holding onto iOS 18, you’re probably covered.

• Eligible models now include iPhone 11 through iPhone 16 (all variants), plus iPhone SE (2nd and 3rd gen) and even the iPhone 16e
• iPad users aren’t left out — multiple iPad Air, iPad Pro, and iPad mini models with A16 chip or newer are included
• Automatic Updates users will get patched silently; others should manually check Settings > General > Software Update

“We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called DarkSword”

— Apple, iOS 18.7.7 Changelog

Final Thoughts

Apple’s unexpected expansion of iOS 18.7.7 support is a win for users who aren’t ready to jump to the latest OS. It’s a rare admission that security shouldn’t be a privilege reserved for early upgraders — especially when powerful exploit kits like DarkSword are circulating online. As threats evolve, Apple may need to rethink how it handles updates for older but still widely used devices.

Sources & Credits

Originally reported by BleepingComputer