Apple expands iOS 18.7.7 to more devices to block DarkSword web attacks
4 min. read 
Published on
Apple has expanded iOS 18.7.7 and iPadOS 18.7.7 to more devices after security researchers identified web-based attacks called DarkSword targeting older iPhone software. Apple says the wider rollout started on April 1, 2026, so users with Automatic Updates turned on can receive the protections automatically.
This is not a brand-new patch. Apple says the fixes tied to DarkSword first shipped in 2025, but it widened iOS 18.7.7 availability so more users still on iOS 18 can get them without jumping immediately to a newer major release.
Access content across the globe at the highest speed rate.
70% of our readers choose Private Internet Access
70% of our readers choose ExpressVPN
Browse the web from multiple devices with industry-standard security protocols.
Faster dedicated servers for specific actions (currently at summer discounts)
Apple also makes the risk clear. The company says these were web-based attacks that targeted out-of-date versions of iOS through malicious web content, meaning a bad link or a compromised website could put user data at risk on an unpatched device.
Apple is pushing older iOS users to update now
Apple says users already running the latest updated versions of iOS 15 through iOS 26 are protected. For iPhone owners still on older iOS 18 builds, Apple has now enabled iOS 18.7.7 for more devices and says those devices will also receive an additional alert to install a Critical Security Update.
That makes this rollout unusual, even by Apple standards. The support note does not frame iOS 18.7.7 as a normal maintenance update. Instead, Apple ties the wider availability directly to protection from DarkSword web attacks and to the need to shield users who have not yet moved to the newest software branch.
Apple still says the best option is to move to the latest version of iOS 26 if the device supports it, because that release carries the strongest security protections. At the same time, Apple is giving iOS 18 users a more direct path to protection instead of leaving them exposed while they delay a major upgrade.
What iOS 18.7.7 actually fixes
Apple’s security page for iOS 18.7.7 lists a broad set of patched issues across system components, not just one browser flaw. The release includes fixes in areas such as 802.1X, AppleKeyStore, Audio, Clipboard, CoreMedia, CoreUtils, Crash Reporter, Kernel, Security Framework, and WebKit.
Several of the listed issues could expose sensitive data, crash processes, leak kernel memory, or weaken browser security boundaries. Apple’s note also shows that some of the bugs involved malicious web content, which lines up with the company’s separate warning about web-based DarkSword attacks.
One important detail from Apple’s note is that the expanded availability covers far more hardware than the original limited iOS 18.7.7 listing suggested. Apple now shows support reaching from iPhone XR, XS, and XS Max through newer iPhone 11, 12, 13, 14, 15, and 16 models, plus supported iPads across several generations.
Key security changes in Apple’s note
| Area | Apple’s summary |
|---|---|
| 802.1X | A privileged network attacker may be able to intercept traffic |
| AppleKeyStore | An app may be able to cause unexpected system termination |
| Audio | Malicious web content may trigger an unexpected process crash |
| Clipboard | An app may be able to access sensitive user data |
| CoreMedia | A crafted media file may terminate the process |
| Kernel | Multiple flaws could leak kernel state or memory |
| Security Framework | A local attacker may be able to access Keychain items |
| WebKit | Multiple web content issues could affect browser security |
Source: Apple security content for iOS 18.7.7 and iPadOS 18.7.7.
What users should do right now
- Update to the latest iOS 26 release if your device supports it. Apple says it offers the strongest protections.
- If you are staying on iOS 18, install iOS 18.7.7 immediately. Apple expanded it on April 1 specifically for these protections.
- Turn on Automatic Updates so critical security fixes arrive faster.
- Keep Safari protections enabled. Apple says Safe Browsing blocks the malicious URL domains identified in these attacks and is on by default.
- Enable Lockdown Mode if you are a higher-risk user or cannot update right away. Apple says it protects against these specific attacks even on out-of-date software, though you should still update as soon as possible.
FAQ
Apple describes DarkSword as a set of web-based attacks targeting out-of-date iOS versions through malicious web content. Apple’s public notes do not provide the kind of detailed exploit-chain breakdown seen in some secondary reports.
Yes. Apple says it enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive the protections.
Not necessarily. Apple says devices with the latest updated versions of iOS 15 through iOS 26 are already protected. Still, Apple recommends moving to the latest iOS 26 version when possible because it offers the strongest security protections.
Yes. Apple says devices with Lockdown Mode enabled are protected from these specific attacks, even on out-of-date software, although Apple still advises updating to the latest iOS version as soon as possible.
Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more
Improve this guide
User forum
0 messages