GoKawiilWhen it comes to iOS, Apple has largely maintained a take-it-or-leave-it approach to security updates. Want the software patches Apple creates to fix the vulnerabilities exploited by hackers to compromise iPhones? Then the company would tell you to update your phone to the latest version of iOS your hardware can handle—with no room for lingering on an older version just because you enjoy its retro look or familiar features.
Now, however, the appearance of not one but two sophisticated, in-the-wild iPhone hacking techniques in a single month—and some iPhone owners’ distaste for the look and feel of the latest version of iOS—may have finally shifted Apple’s patching policy. For the second time in just a few weeks, Apple is responding to the spread of a hacking tool by pushing out patches for older versions of iOS—and in the latest case, even for phones that have the capability to upgrade to its most recent version.
An Apple spokesperson tells WIRED that the company will issue software updates on Wednesday morning to protect iOS users from a hacking technique known as DarkSword, which is capable of silently taking over certain iPhones running iOS 18—the previous version of Apple’s mobile operating system—when they visit a website infected with the malicious code. Users of Apple’s latest iOS version released in September, iOS 26, were already protected against DarkSword. But the new patch push is designed to specifically protect vulnerable iOS 18 users who have so far resisted updating to iOS 26.
Apple’s move to allow iOS 18 users to patch their devices without updating to its latest operating system version—a practice of protecting an older operating system version that the cybersecurity industry calls “backporting” a patch—marks a surprising pivot for Apple. When researchers at Google and cybersecurity firms iVerify and Lookout revealed DarkSword nearly two weeks ago, Apple released iOS 18-specific patches only for older devices whose hardware was incompatible with iOS 26, and recommended all other users update to its most recent OS version.
Given that as many as a quarter of all iPhone users remained on iOS 18 as of February—and many of those users have consciously chosen not to upgrade to iOS 26 because of the unpopularity of its features like Apple's new “liquid glass” interface—that left many millions of holdouts facing a dilemma between their software preferences and their security.
Apple now appears to be changing its position in an effort to protect those holdouts. “Tomorrow we are enabling the availability of an iOS 18 update for more devices so users with auto-update enabled can automatically receive important security protections,” an Apple spokesperson wrote in a statement to WIRED. “We encourage all users with supported devices to update to iOS 26 to receive our most advanced protections.”
Users of iOS 18 who have auto-update turned on will automatically receive the version of iOS 18 that’s patched against DarkSword, while those who don’t have auto-update enabled will have the option to update to either the latest, patched version of iOS 18 or to iOS 26.
Criticism of Apple's lack of backported patches for iOS 18 had grown over the past two weeks, as DarkSword proliferated among hacker groups that have used the tool for everything from espionage to cryptocurrency theft. According to Google, DarkSword has been used by various hacker groups to break into the iPhones of users in Malaysia, Saudi Arabia, Turkey, and Ukraine. In at least some instances, the code was left in a fully reusable state on the legitimate websites that had been compromised by hackers to carry out DarkSword's intrusions, complete with helpful comments from its developer about how it worked, all making the tool easy to repurpose for any hacker that finds it.