Apple will release a security update for iOS 18 on Wednesday that closes the vulnerabilities exploited by the DarkSword vulnerability, according to a report by Wired. The update is specifically aimed at iPhone users who, for various reasons, have not yet upgraded to iOS 26.
Apple has already responded to two serious exploit chains in recent weeks, releasing several security updates for older iOS versions. Now, the company is going a step further and extending protection to devices that support iOS 26 but are still running iOS 18. Given the recent publication of the DarkSword exploit on GitHub, this step is particularly urgent.
DarkSword and Coruna: Two exploit chains in focus
In recent weeks, Apple has released several updates for older iOS versions. The company responded to two exploit chains: Coruna, which affects devices running iOS 13 through iOS 17.2.1, and DarkSword, which targets iPhones running iOS 18.4 through 18.7. Both exploit chains utilize multiple vulnerabilities in combination to compromise affected devices. In most cases, a vulnerability in WebKit serves as the entry point from which the attack is then escalated.
DarkSword is particularly worrying. According to Google Threat Intelligence, the exploit chain utilizes a total of six different vulnerabilities, including three zero-day flaws. The entire attack tool is written in JavaScript and can steal sensitive data such as emails, contacts, passwords, crypto wallet data, and the entire message history within seconds. DarkSword has been observed being used by, among others, suspected Russian actors against Ukrainian targets, the Turkish surveillance provider PARS Defense, and other groups in Saudi Arabia and Malaysia.
Previous patches: Older devices are protected, newer ones are unprotected
Apple had already responded to the threat and released the following updates:
iOS 15.8.7 and iPadOS 15.8.7: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation) and iPod touch (7th generation).
iOS 16.7.15 and iPadOS 16.7.15: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch and iPad Pro 12.9-inch 1st generation.
iOS 18.7.7 and iPadOS 18.7.7: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation.
What was striking was that the iOS 18 update was limited exclusively to devices not compatible with iOS 26. In practice, this meant that iPhones that supported iOS 26 but were still running iOS 18 for whatever reason remained vulnerable.
Apple changes course: iOS 18 patch now also for iOS 26-compatible devices
Apple has confirmed to Wired that a new iOS 18 update will be released with the same protections against the DarkSword exploit already included in iOS 26. Apple explained that this makes the iOS 18 update available to more devices so that users with automatic updates enabled will receive critical security updates automatically. At the same time, Apple recommends that all users with supported devices update to iOS 26 for the most comprehensive protection.
Users who have disabled automatic updates have a choice: They can either install the updated, patched version of iOS 18 or switch directly to iOS 26.
Why this step is particularly important now
The timing of this change of course is no coincidence. Last week , DarkSword was published on GitHub, making the exploit freely accessible. According to TechCrunch, Matthias Frielingsdorf, co-founder of the security company iVerify, warned that the leaked files are trivially easy to use. The exploit files consist only of HTML and JavaScript and could be hosted on a server within minutes.
According to Apple's own figures, around a quarter of all iPhone and iPad owners are still using iOS 18 or older. This means potentially hundreds of millions of vulnerable devices worldwide. Particularly concerning is that DarkSword operates as a so-called watering hole attack. Simply visiting a compromised website is enough to infect the device, without any active interaction being required.
What you should do now
Anyone still using iOS 18 on an iPhone that also supports iOS 26 should act as soon as possible. As soon as the new iOS 18 update is available, it should be installed immediately. Ideally, the switch should be made directly to iOS 26, as it offers the most comprehensive protection.
The update can be downloaded via Settings → General → Software Update. Users who have automatic updates enabled will receive the patch automatically. For everyone else, both the patched iOS 18 version and iOS 26 are available for selection.
This move by Apple is welcome and shows that the company is not abandoning users of older system versions – especially given the increased threat level due to the public availability of the exploit kit. (Image: Shutterstock / Thaspol Sangsee)
- Iran war threatens India's smartphone exports – Apple has the advantage
- MacBook sales in 2026: Apple defies the market slump
- ChatGPT in CarPlay: OpenAI brings AI chat to the car
- Apple declares three devices vintage and obsolete
- NASA Artemis II: Rocket launch is recorded immersively
- iOS 26.5 Beta 1: All new features at a glance
- AirPods Max 2: First Reviews at a glance
- Apple introduces privacy rules for third-party providers
- WhatsApp is testing a CarPlay app with a new interface
- Apple is testing a new audio feature for third-party providers
- Apple is preparing to introduce advertising in Maps with iOS 26.5
- iOS 26.5 opens the system to accessories in the EU
- iOS 26.5 introduces new Subscription features in the App Store
- iOS 26.5 brings E2EE back to beta for RCS
- Apple Intelligence briefly appeared in China without authorization
- iOS 26.5: No new Siri features in the beta
- iOS 26.5 and more: Apple launches the next beta phase
- Apple subsidiary violates Russia sanctions
- Apple hires Google Manager for AI Strategy
- Apple explains: Lockdown Mode has never been overcome
- Apple tightens rules for Medical Apps in the Store
- iCloud: Why "Hide email" doesn't always protect you
