Back to Home

iOS 18.7.7 patches DarkSword vulnerabilities

Apple released iOS 18.7.7 to fix vulnerabilities from the DarkSword exploit kit, preserving the old interface. The patch is rare for the iOS 18 branch and is intended for users avoiding iOS 26. Threat analysis and technical details for developers.

iOS 18.7.7 patch against DarkSword: details for devs
Advertisement 728x90

iOS 18.7.7: Patch Against the DarkSword Exploit Kit for Older Versions

Apple released the iOS 18.7.7 security update, addressing vulnerabilities exploited by the DarkSword kit. This is a rare patch for the iOS 18 branch, aimed at users avoiding migration to iOS 26 due to interface changes. The update closes attack vectors used in spyware and data theft.

Discovery of DarkSword

In mid-March 2026, researchers from Lookout and Google Threat Intelligence Group (GTIG) discovered the DarkSword exploit kit. This kit allows hackers to gain unauthorized access to iOS devices without user notification. Key capabilities:

  • Stealing personal data.
  • Installing spyware.
  • Attacks on cryptocurrency wallets.

Exploits were used by groups linked to state actors. Shortly after discovery, DarkSword code appeared on GitHub, increasing risks for users.

Google AdInline article slot

Apple responded quickly, confirming fixes in iOS 26. However, owners of devices on iOS 18.4–18.7 faced a dilemma: updating to iOS 26 changes the design, while skipping leaves the system vulnerable.

iOS 18.7.7 as an Exception to the Rule

Typically, Apple ends support for old iOS branches after a new major version release. Nevertheless, for iOS 18, they released 18.7.7—a pure security patch without new features. It preserves the legacy interface and focuses on closing zero-day vulnerabilities from DarkSword.

Key changes in the patch:

Google AdInline article slot
  • Patching kernel exploits for privilege escalation.
  • Strengthening sandboxing to prevent escalation.
  • Updating WebKit to block drive-by attacks.
  • Improvements in network request handling against MITM.

Developers are advised to test apps on iOS 18.7.7, especially those interacting with system APIs vulnerable to exploits.

Technical Details of the Exploits

DarkSword uses vulnerability chains typical for mobile platforms:

  • JIT spoofing in JavaScriptCore to bypass PAC (Pointer Authentication).
  • Memory corruption in CoreGraphics for ROP chains.
  • Logic bugs in iCloud services for data sideload.

After publication on GitHub, researchers noted an increase in attacks on users in high-risk regions. For mid/senior developers, it's important to monitor CVEs related to these vectors and implement mitigations in custom frameworks.

Google AdInline article slot

The iOS 18.7.7 patch demonstrates Apple's security priority, even for outdated branches. This allows supporting legacy fleets without forced migration.

Key Takeaways

  • Critical DarkSword vulnerabilities fixed in iOS 18.7.7 without UI changes.
  • Rare patch for old branch: exception to EOL support policy.
  • Links to state groups: exploits used by APT actors.
  • Public code: DarkSword on GitHub heightens threat to all iOS devices.
  • Recommendation: immediate update for iOS 18.x users.

The update size is minimal, focused on security fixes. Testing on Xcode simulators will show compatibility with production apps.

— Editorial Team

Advertisement 728x90

Read Next