In an unprecedented move, Apple has issued iOS 18.7.7 to all iPhones -- including those that can update to its newer software iOS 26. The iPhone maker has made iOS 18.7.7 available to millions more iPhones for one big reason: DarkSword, an exploit kit that can silently compromise iPhones running iOS 18.4 through 18.7 by chaining multiple vulnerabilities together.
The fix for DarkSword was issued in updates up to iOS 26.3, as well as the March 17 background security improvement included in iOS 26.4 tracked as CVE-2026-20643.
The iOS 26 upgrades came alongside updates to iOS 18 for those that could not run Apple's newer software. But of course, there was a catch -- as of December's iOS 26.2, iOS 18 fixes, including iOS 18.7.7 issued in late March were only available for iPhones that couldn't run iOS 26.
Many iPhone users have been refusing to update to iOS 26, instead preferring to stay on iOS 18. For that reason, people were annoyed when Apple fixed a security hole used to deliver spyware in December -- part of the DarkSword exploit kit -- at the same time it started preventing older iPhones choosing iOS 18.
Apple's release of iOS 18.7.7 changes this -- and it makes sense now all the DarkSword flaws are fixed.
About the DarkSword Flaws Fixed In iOS 18.7.7
Discovered by Google Threat Intelligence Group, the DarkSword iOS full-chain exploit leverages multiple zero-day vulnerabilities to "fully compromise devices," Google wrote in a blog.
Google said it had has observed multiple commercial surveillance vendors and suspected state-sponsored actors utilizing DarkSword in "distinct campaigns since at least November 2025."
DarkSword supports iOS versions 18.4 through 18.7 and utilizes six different vulnerabilities to deploy final-stage payloads.
The "proliferation of this single exploit chain across disparate threat actors" mirrors the previously discovered Coruna iOS exploit kit, Google said, adding that Russia based adversaries had used both kits in their attacks.
In March, it was confirmed that a version of the DarkSword iOS spyware exploit kit had been made public, prompting a warning from the U.S. Cybersecurity and Infrastructure Security Agency.
Why You Need To Update To iOS 18.7.7 Now
You now have the choice to upgrade to iOS 18.7.7, so given the seriousness of DarkSword, you need to update now.
Spyware is very targeted but it is also incredibly dangerous, because the malware can see and hear everything you do on your iPhone, including over encrypted apps such as WhatsApp and Signal. Apple's Lockdown Mode can help, but you need to have enabled it already to prevent spyware getting on your device.
Jake Moore, global cybersecurity advisor at ESET, highlights the criticality of the iOS 18.7.7 update. "We've never seen an exploit like DarkSword before," he says.
While he advises that auto updates are turned on, he calls iOS 18.7.7 "a special edition patch."
"It would be advisable to double check all your devices are updated to make sure they are protected," Moore warns.