As expected, Apple today released a new build of iOS 18.7.7 and iPadOS 18.7.7, likely with a fix for the DarkSword exploit. iOS 18.7.7 was initially limited to the iPhone XS and XR models, but it is now available for other iPhones running iOS 18.
An Apple support document informs users about recent reports about hacking tools that can be used against iPhones running older versions of iOS. iOS exploit kits known as “Coruna” and “DarkSword” are being used by bad actors to take advantage of vulnerabilities in devices running older software.
Devices that have been upgraded to iOS 26 are already protected from DarkSword. However, those still running iOS 18 are vulnerable to the exploit, leading Apple to release the fix to protect iOS 18 users. Approximately 25% of all iPhone users remained on iOS 18 as of February for one reason or another, even though their device supports the latest version.
It is rare for Apple to provide a security update to protect iOS 18 users that haven’t had the urge to upgrade to iOS 26. Traditionally, Apple uses such security fixes as a way to get users to update to the latest version of the operating system supported by the device.
Apple says that the iOS 18.7.7 update is available for more devices, and devices with older versions of iOS 18 will receive an additional alert to install a Critical Security Update.
Note: We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called DarkSword. The fixes associated with the DarkSword exploit first shipped in 2025.
Devices with older versions of iOS 18 will receive an additional alert to install a Critical Security Update.
To install the iOS 18 update, your iPhone should be fully charged and connected to WiFi. To check that the update is available and to install it, go to “Settings” -> “General” -> “Software Update.” If you have automatic updates enabled you should see the new software installed automatically.
DarkSword has been used by multiple hacker groups to hack the iPhones of users in multiple countries, including Malaysia, Saudi Arabia, Turkey, and Ukraine, says Google.
While such toolkits are not unusual in the black hat hacker community, the availability of DarkSword makes it simple for even a script kiddie to grab the files from open source code repository GitHub, and in a matter of minutes be infecting unsuspecting devices.
