Apple has now made it possible for more iPhones still running iOS 18 to receive security updates that protect against the actively exploited DarkSword exploit kit.
"We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called DarkSword," reads a note in today's iOS 18.7.7 security update changelog.
"The fixes associated with the DarkSword exploit first shipped in 2025."
In March, researchers at Lookout, iVerify, and Google Threat Intelligence revealed a new "DarkSword" exploit kit that targeted iPhones running iOS 18.4 through 18.7.
The six vulnerabilities used by the DarkSword exploit kit are tracked as CVE-2025-31277, CVE-2025-43529, CVE-2026-20700, CVE-2025-14174, CVE-2025-43510, and CVE-2025-43520.
While iOS exploits have typically been used in highly targeted spyware campaigns, this iOS exploit kit was used much more widely, including by Turkish commercial surveillance vendor PARS Defense, a threat actor tracked as UNC6748, and a suspected Russian espionage group tracked as UNC6353.
In these attacks, GTIG observed three separate information-stealing malware families deployed on victims' devices: a highly aggressive JavaScript infostealer named GhostBlade, the GhostKnife backdoor, and the GhostSaber JavaScript malware, which can execute code and steal data.
Since July 2025, with the release of iOS 18.6, Apple has been steadily fixing the flaws as they are disclosed, shipping the patches in security updates pushed out to compatible devices.
Figure: Threat actors using the DarkSword exploit kit (Source: GTIG)