According to the release notes published on April 1, Apple has expanded compatibility to cover more devices.

Users who have enabled automatic updates will receive important protections designed to defend against web-based attacks linked to DarkSword.

The vulnerabilities associated with DarkSword were first addressed in 2025.

In March, researchers from Lookout, iVerify, and the Google Threat Intelligence team revealed that DarkSword targets iPhones running from iOS 18.4 to 18.7.

The toolkit exploits six security flaws: CVE-2025-31277, CVE-2025-43529, CVE-2026-20700, CVE-2025-14174, CVE-2025-43510, and CVE-2025-43520.

While iOS vulnerabilities are typically used in targeted espionage campaigns, DarkSword has spread on a much larger scale.

The groups behind these attacks include commercial surveillance vendor PARS Defense, along with hacking groups UNC6748 and UNC6353.

Security researchers identified three strains of data-stealing malware deployed in these attacks.

These include GhostBlade, a powerful JavaScript-based data exfiltration tool; GhostKnife, a backdoor; and GhostSaber, malware capable of executing commands and stealing sensitive information.

Since July 2025, with the release of iOS 18.6, Apple has continuously patched vulnerabilities as they were disclosed through security updates for supported devices.

However, by late 2025, the company stopped providing iOS 18 updates for newer devices capable of upgrading to iOS 26.

For users who chose to remain on iOS 18, access to ongoing security updates became more limited. Newer devices no longer received the DarkSword-related patches released in 2026.

As a result, only a small number of devices remained eligible for iOS 18 updates, with version 18.7.6 previously available only for iPhone XS, iPhone XS Max, and iPhone XR.

The situation became more critical when a researcher publicly released the DarkSword toolkit on GitHub last month.

This made it significantly easier for other attackers to exploit older iPhone models.

In response, on April 1, Apple officially rolled out iOS 18.7.7 to support more devices that continue to run the older operating system while still ensuring protection against emerging threats.

The list of eligible devices now includes iPhone XR, iPhone XS, iPhone XS Max, all models from iPhone 11 to iPhone 16 and 16e, iPhone SE (2nd and 3rd generation), iPad mini (5th generation with A17 Pro), iPad (7th generation with A16), iPad Air (3rd to 5th generation), 11-inch and 13-inch iPad Air models with M2 - M3 chips, 11-inch iPad Pro (1st generation with M4), 12.9-inch iPad Pro (3rd to 6th generation), and 13-inch iPad Pro with M4.

Users running iOS 18 with automatic updates enabled will receive the latest version along with enhanced protection against the DarkSword toolkit.

Du Lam