Overview
- Apple expanded the availability of iOS and iPadOS 18.7.7 on Wednesday to many more devices so that Automatic Updates can deliver DarkSword protections, while urging users to move to iOS 26 for the strongest defense.
- DarkSword is a web-based iPhone exploit kit that takes over a device after a visit to a hacked or booby-trapped site by chaining six flaws across WebKit, Safari, the dynamic loader, and the kernel.
- Researchers say the kit has been used since 2025 in campaigns targeting users in Malaysia, Saudi Arabia, Turkey, Ukraine, and China, with the intrusions stealing messages, location data, browser history, and cryptocurrency.
- A working DarkSword build posted on GitHub has lowered the bar for more attackers, and investigations link deployments to commercial surveillance vendors and suspected espionage groups using GhostBlade, GhostKnife, and GhostSaber malware.
- Users who keep Automatic Updates off can either install the patched iOS 18.7.7 or upgrade to iOS 26, and Apple notes that Lockdown Mode blocks these web attacks even on older software. The release is an unusual backport that follows earlier Coruna fixes.