**Apple** expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices on April 1, 2026, to mitigate the risks associated with the recently disclosed **DarkSword** exploit kit. "We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called DarkSword," the company said. "The fixes associated with the DarkSword exploit first shipped in 2025." The update is available for the following devices: * iPhone XR, iPhone XS, iPhone XS Max, iPhone 11 (all models), iPhone SE (2nd generation), iPhone 12 (all models), iPhone 13 (all models), iPhone SE (3rd generation), iPhone 14 (all models), iPhone 15 (all models), iPhone 16 (all models), and iPhone 16e * iPad mini (5th generation - A17 Pro), iPad (7th generation - A16), iPad Air (3rd - 5th generation), iPad Air 11-inch (M2 - M3), iPad Air 13-inch (M2 - M3), iPad Pro 11-inch (1st generation - M4), iPad Pro 12.9-inch (3rd - 6th generation), and iPad Pro 13-inch (M4) ### Addressing Vulnerabilities in Older Devices The latest update targets devices capable of updating to iOS 26 but still running older versions. **Apple** initially released iOS 18.7.7 and iPadOS 18.7.7 on March 24, 2026, but only for iPhone XS, iPhone XS Max, iPhone XR, and iPad 7th generation. Last month, **Apple** also urged users to update older devices to iOS 15.8.7, iPadOS 15.8.7, iOS 16.7.15, and iPadOS 16.7.15 to address exploits used in **DarkSword** and another exploit kit called **Coruna**. ### A Rare Move for Apple While **Apple** typically backports fixes for older devices based on vulnerability criticality, allowing iOS 18 users to patch their devices without updating to the latest OS version is an unusual departure for the tech giant. In a statement shared with WIRED, an **Apple** spokesperson said the update was expanded to more devices to enhance protection. Users without auto-update enabled can update to the patched version of iOS 18 or iOS 26. ### DarkSword Exploit Kit Details The move follows reports from **Google Threat Intelligence Group (GTIG)**, **iVerify**, and **Lookout** detailing the **DarkSword** iOS exploit kit, used in cyberattacks targeting users in Saudi Arabia, Turkey, Malaysia, and Ukraine since July 2025. The kit targets iOS and iPadOS devices running versions between iOS 18.4 and 18.7. The attack is triggered when a user visits a compromised website hosting malicious code, a technique known as a watering hole attack. Once launched, the attacks deploy backdoors and a dataminer for persistent access and information theft. The origin of the advanced hacking tool and its proliferation among multiple threat actors remains unclear. A newer version of the kit has been leaked on **GitHub**, raising concerns about wider exploitation. The discovery highlights the increasing prevalence of powerful iPhone spyware and its potential for mass exploitation. ### Lock Screen Alerts and Targeted Attacks As of last week, **Apple** began issuing Lock Screen notifications to iPhones and iPads running older iOS and iPadOS versions, alerting users to web-based attacks and urging updates. **Proofpoint** and **Malfors** revealed that **COLDRIVER** (aka TA446), a Russia-linked threat actor, exploited **DarkSword** to deliver the GHOSTBLADE data stealer malware in attacks targeting government, think tank, higher education, financial, and legal entities. "DarkSword silently steals vast amounts of user data purely because the user visited a real (but compromised) website," said Rocky Cole, co-founder and COO at **iVerify**. "Apple has at least agreed with the security community's assessment that this presents a clear and present threat to devices that remain unpatched on earlier versions of iOS, which roughly 20% of people are still running." "Leaving those users exposed would be a hard decision to defend, particularly for a company that centers its brand around security and privacy. Backporting patches to older iOS versions seems like the least they can do in lieu of providing a security framework for outside developers. The fact is that patching is too little too late when zero-days are involved, and the exploit market is booming."