Apple Deploys iOS 18.7.7 Update to Counter DarkSword Hacking Threat
Apple has taken decisive action by releasing iOS 18.7.7 and iPadOS 18.7.7, a critical security update designed to protect a vast number of iPhone and iPad users from the DarkSword hacking toolkit. This malicious software can stealthily infiltrate and ransack devices simply through a visit to a compromised website, posing a severe threat to user privacy and data security.
Expanded Protection for Millions of Holdout Users
The significance of this update lies in its broad coverage, extending to millions of users who are still running iOS 18 on hardware capable of supporting iOS 26 but have opted not to upgrade. These individuals have been vulnerable for approximately two weeks, a period during which their devices were exposed to potential attacks. With this patch, Apple is closing that security gap effectively.
Users with automatic updates enabled will receive the patch seamlessly, requiring no manual intervention. For others, the options are to update to iOS 18.7.7 or upgrade to iOS 26, though Apple strongly encourages the latter for enhanced security and features.
How DarkSword Operates and Its Rapid Impact
DarkSword specifically targets iPhones and iPads running iOS versions 18.4 through 18.7. The attack vector is alarmingly simple: merely landing on a compromised website, which could even be a legitimate site that has been secretly hacked, is sufficient for the toolkit to activate. Once inside, DarkSword moves with remarkable speed, siphoning off sensitive data including messages, call history, browser data, Wi-Fi passwords, location history, and contents from cryptocurrency wallets to a remote server.
Researchers at Lookout have estimated that the entire dwell time of DarkSword on a device is just a few minutes, indicating that it does not linger but instead executes its data theft quickly and efficiently.
Steps to Ensure Your Device is Protected
To check if your iPhone or iPad is safeguarded against DarkSword, follow these steps:
- Navigate to Settings > General > Software Update.
- Install iOS 18.7.7 if it is available, or consider upgrading to iOS 26 for comprehensive protection.
Apple has also confirmed that enabling Lockdown Mode can block DarkSword, making it a worthwhile precaution for users in higher-risk categories or those seeking additional security layers.
A Shift in Apple's Security Update Policy
This update marks a notable departure from Apple's traditional security stance. Historically, the company maintained a straightforward policy: update to the latest iOS version or accept the associated risks. Backporting fixes to older iOS versions, especially for devices capable of running the newest release, was not a common practice.
However, this approach has changed twice within a month. Earlier, Apple provided patches to iOS 17 users to address Coruna, a separate but related hacking toolkit. Now, with iOS 18.7.7, Apple is extending similar protection to a broader user base. Reports from Wired indicated that Apple was preparing this update earlier in the week, underscoring the urgency of the situation.
Why This Policy Change Matters
The shift is crucial because the population of iOS 18 holdouts is substantial. According to Apple's own data, approximately a quarter of all iPhone and iPad users had not upgraded to iOS 26 as of February. Rocky Cole, co-founder of mobile security firm iVerify, highlighted that not all users staying on iOS 18 are doing so out of stubbornness. Many face legitimate barriers, such as reliance on apps incompatible with iOS 26, resistance to age verification features added in the UK, or insufficient storage to accommodate the update.
Rapid Evolution of DarkSword from Spy Tool to Open-Source Threat
The pressure on Apple to act intensified rapidly. When researchers from Google, iVerify, and Lookout first detailed DarkSword in mid-March, Apple initially issued patches only for devices too old to run iOS 26. Shortly after, a newer version of the toolkit appeared on GitHub, presented as unobfuscated HTML and JavaScript with developer comments intact, making it accessible even to those without advanced iOS expertise.
A security hobbyist confirmed successfully compromising an iPad mini running iOS 18 using the leaked sample, demonstrating the toolkit's ease of use and potential for widespread abuse. Google's Threat Intelligence Group tracked DarkSword campaigns across multiple regions, including Saudi Arabia, Turkey, Malaysia, and Ukraine. Additionally, a Russian hacker group linked to the FSB was confirmed to be conducting phishing campaigns utilizing this tool.
This update underscores Apple's proactive response to evolving cybersecurity threats and its commitment to protecting users across different iOS versions, ensuring that even those hesitant to upgrade receive essential security safeguards.
