DarkSword Hack: Urgent iPhone Security Update Released by Apple

April 2, 2026 Rachel Kim – Technology Editor Technology

Apple released security updates on Wednesday, April 1, 2026, to address a recently discovered exploit, dubbed DarkSword, that allows for the remote installation of malware on iPhones. The updates, including iOS 18.7.7 and iPadOS 18.7.7, represent a rare instance of Apple “backporting” security patches to older operating system versions.

The DarkSword exploit, first revealed in March by researchers at Lookout, iVerify, and Google Threat Intelligence, targets iPhones running iOS 18.4 through 18.7. It compromises devices simply by visiting a maliciously crafted website. The exploit utilizes six vulnerabilities, identified as CVE-2025-31277, CVE-2025-43529, CVE-2026-20700, CVE-2025-14174, CVE-2025-43510, and CVE-2025-43520.

While Apple addressed DarkSword in iOS 26, released last September, a significant number of users remained on iOS 18, either due to hardware limitations or a preference for the older operating system. An estimated 16 to 20 percent of newer iPhones were still running iOS 18 as of this week, according to reports. Some users have publicly stated their reluctance to upgrade to iOS 26 due to concerns about the new Liquid Glass interface.

Initially, Apple’s December patch, iOS 18.7.3, only addressed the vulnerability for iPhone XS and XR models, which do not support iOS 26. Wednesday’s update expands the protection to a wider range of devices, including the iPhone 11 through iPhone 16 and the second-generation iPhone SE. Apple stated that users with Automatic Updates enabled will receive the security protections automatically.

The DarkSword exploit has been linked to multiple threat actors, including the Turkish commercial surveillance vendor PARS Defense (tracked as UNC6748) and a suspected Russian espionage group (tracked as UNC6353). These actors have deployed malware families such as GhostBlade, GhostKnife, and GhostSaber on compromised devices, used for information theft. The exploit kit was actively used in attacks since July 2025.

According to an Apple spokesperson, the company is taking the unusual step of providing security updates for older iOS versions to protect users who have not yet upgraded to iOS 26. This practice, known as “backporting,” is uncommon for Apple, which typically encourages users to update to the latest operating system to receive security fixes. The company told Wired that it would issue software updates to protect iOS 18 users from the hacking technique.

Users can manually install iOS 18.7.7 by navigating to Settings > General > Software Update and selecting the update from the “Also Available” section.