Apple has released iOS 18.7.7 and iPadOS 18.7.7 with an important security fix targeting the DarkSword exploit, and this update now reaches more iPhones beyond its earlier limited rollout, ensuring that users who stayed on iOS 18 still receive protection against a serious web-based attack.
The update fixes a vulnerability that allows attackers to take control of an iPhone when a user visits a compromised website, making it a high-risk issue because it requires no direct interaction beyond loading malicious code. Apple has already confirmed that devices running iOS 26 remain protected from this exploit.
More devices
Apple initially limited iOS 18.7.7 to older models like iPhone XS and XR, but it has now expanded availability so more devices can receive the update automatically, especially for users who have enabled automatic updates and have not upgraded to iOS 26.
Apple is making this update available to ensure broader protection, even for users who have chosen to stay on older software versions.
“Note: We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called DarkSword. The fixes associated with the DarkSword exploit first shipped in 2025. Devices with older versions of iOS 18 will receive an additional alert to install a Critical Security Update.”
DarkSword has already been used by hacker groups to target iPhone users in countries including Malaysia, Saudi Arabia, Turkey, and Ukraine, and its presence on GitHub has made the exploit easier for attackers to access, increasing the urgency of installing this update.
Apple still encourages users to move to iOS 26 for stronger protection, but this release ensures that even those staying on iOS 18 receive critical defenses against active threats.