Apple Updates Very Old iPhones for DarkSword: iOS 18.7.7 Released
Apple Updates Very Old iPhones for DarkSword: iOS 18.7.7 Released
Apple has officially extended the availability of the iOS 18.7.7 update, making it accessible to a much larger audience of devices than initially planned during the old operating system's lifecycle. This move, which took place on April 1st, is a direct and urgent response to the spread of the exploit kit named DarkSword, a previously targeted espionage tool that has become a mass threat after a researcher published its source code on GitHub.
The vulnerability concerns a chain of six distinct security flaws, tracked as CVE-2025-31277, CVE-2025-43529, CVE-2026-20700, CVE-2025-14174, CVE-2025-43510, and CVE-2025-43520. Although Apple had begun patching these holes back in July 2025 with the release of iOS 18.6, the distribution of patches had ceased for newer models once the upgrade to next-generation operating systems was made available. Until yesterday, the last protected version (18.7.6) was limited exclusively to the iPhone XS, XS Max, and XR models, leaving millions of more modern devices, such as the iPhone 11 and later, exposed, as their owners preferred to keep iOS 18 for stability or app compatibility reasons.
Apple Releases iOS 18.7.7 to Address DarkSword
The DarkSword kit is a sophisticated tool already employed by state actors and commercial surveillance vendors. According to data collected by Google Threat Intelligence (GTIG), Lookout, and iVerify, the exploit has been actively exploited by the Turkish company PARS Defense, specialized in monitoring tools, as well as by a Russian-based group identified as UNC6353 and another threat actor known as UNC6748. These groups have used DarkSword to silently inject three different families of malware into victims' devices.
The first on the list is GhostBlade, an aggressive JavaScript-based infostealer targeting credentials and sensitive data. Next is GhostKnife, a backdoor that ensures persistent access to the system, and finally GhostSaber, malware capable of executing arbitrary code remotely to exfiltrate specific files. Attacks can be delivered directly via the web, making simple browsing on compromised sites a lethal infection vector for those who have not updated their device's kernel.
With the release of iOS 18.7.7, Apple now covers a monumental list of hardware: among the iPhones, in addition to the mentioned XS and XR, it includes all variants of iPhone 11, 12, 13, 14, 15, and 16, including second and third generation SE models and the recent iPhone 16e. On the tablet front, the update is available for the iPad mini (from the 5th generation), iPad Air (from the 3rd generation), including the new models with M2 and M3 chips, and the iPad Pro range (from the 11-inch first generation model up to the recent M4).
For those who have enabled automatic updates, the protection should be applied without manual intervention during overnight charging cycles. However, given the public availability of the exploit on GitHub and the activism of the UNC groups, it is advisable to manually check for the update via the Settings menu.
This extension of support represents a significant exception in Apple’s policy, dictated solely by the severity of a threat that shows no signs of abating and demonstrates how old software branches remain a primary target for global cyber-espionage.