Millions gained an unexpected security option this week as Apple expanded critical patches to older software, breaking from its typical update policy. The company enabled iOS 18.7.7 for a broader range of devices on April 1, 2026, protecting against the DarkSword exploit kit that first emerged in 2025.
The update now covers iPhone XR through iPhone 16e models, plus multiple iPad generations dating back to the fifth-generation iPad mini with A17 Pro chip.
Those with Automatic Updates turned on receive the security protections automatically against web attacks called DarkSword. People who manually manage updates face a new choice: install the patched version of iOS 18 or upgrade directly to iOS 26.
This marks an unusual departure for Apple, which historically pushes people toward the latest operating system rather than backporting fixes to older major releases. The company first released iOS 18.7.7 and iPadOS 18.7.7 on March 24, but only for iPhone XS, iPhone XS Max, iPhone XR, and seventh-generation iPad devices.
DarkSword represents a clear threat targeting devices running iOS and iPadOS between 18.4 and 18.7, according to security researchers who disclosed the exploit kit last year. The attack triggers when people visit legitimate-but-compromised websites in what security professionals call watering hole attacks.
Once activated, it deploys backdoors and data miners for persistent access and information theft from affected devices. Google Threat Intelligence Group, iVerify, and Lookout previously documented DarkSword campaigns targeting individuals in Saudi Arabia, Turkey, Malaysia, and Ukraine since July 2025.
"DarkSword silently steals vast amounts of user data purely because the user visited a real but compromised website,"
said Rocky Cole, co-founder and COO at iVerify in a statement shared with The Hacker News.
Apple began issuing Lock Screen notifications last week to iPhones and iPads running older iOS and iPadOS versions, alerting people about web-based attacks and urging them to install updates immediately. The expanded availability addresses approximately one-fifth of iPhone owners still running earlier software who would otherwise remain exposed without this backported patch.
