Apple has released a new security update for older iPhones and iPads, expanding protection against a web-based attack kit called DarkSword. This time, Apple is also giving the fix to many users who have not upgraded to the latest mobile software.
A wider patch for users who stayed on iOS 18
Apple rolled out iOS 18.7.7 and iPadOS 18.7.7 on Wednesday. Apple’s security bulletin said the update became available for more devices on April 1, 2026, so users with Automatic Updates turned on could get important security protections from web attacks called DarkSword.
This release stands out because of who it helps.
TechCrunch reported that Apple had already protected users who upgraded to iOS 26 and had given fixes to devices that could not run iOS 26. Now, this update helps millions of people whose devices can run iOS 26 but who chose not to upgrade.
Apple’s security note says the update now covers devices from the iPhone XR, XS, and XS Max up to the iPhone 16 series, as well as several iPad models like the iPad mini (5th generation and newer), iPad Air (3rd generation and newer), and recent iPad Pro models.
This is what makes the update important. TechCrunch noted that some users avoided the new operating system because of Apple’s liquid glass interface, which has received complaints.
Instead of making users upgrade to iOS 26 right away, Apple is now letting them stay on iOS 18 and still get protection against DarkSword.
What DarkSword can do
DarkSword is a serious threat. TechCrunch described it as a leaked hacking toolkit that can break into Apple devices running iOS 18.4 to 18.7 if a user visits a website with the malicious code, even if the site is normally safe.
The report said these exploits can steal messages, browser histories, location data, and cryptocurrency, then send that information to a server controlled by attackers.
These tools have already been used in attacks on users in China, Malaysia, Turkey, Saudi Arabia, and Ukraine. More importantly, after the tools were published online, security researchers warned that anyone can use them against people still using older Apple software.
This means the threat is no longer limited to targeted attacks and is now easier for others to use.
Apple is pushing the update automatically
Apple’s security note says the DarkSword fixes for this exploit first shipped in 2025. Now, with the wider rollout, more users on iOS 18.7.7 can get these protections without having to switch operating systems right away. Customers with automatic software updates turned on should get the patch automatically.
Apple is also recommending its higher-security mode for extra protection. The company said Lockdown Mode protects against DarkSword attacks. Apple also told the publication last week that it has not seen any successful government spyware attacks on devices running Lockdown Mode.
A security signal beyond this patch
The bigger takeaway is that Apple is willing, at least this time, to expand protections for users who are not on the latest software if the threat is serious.
This is important because DarkSword is a web-based attack, and Apple’s own statements show the company thinks it is serious enough to add protections for more devices.
For users still on iOS 18, the choice is now clear: update to iOS 18.7.7 right away or move to iOS 26, but do not stay unprotected.
