Apple Rolls Out DarkSword Exploit Protection to More Devices

Summary

Apple has expanded availability of iOS 18.7.7 updates to older iPhone and iPad models to protect against the DarkSword exploit kit, which targets six iOS vulnerabilities and has been used by Russian state-sponsored groups and commercial spyware vendors. The exploit kit, linked to the Coruna kit through shared infrastructure, can fully compromise devices with minimal user interaction. Approximately 200 million devices running iOS 18.4-18.6.2 were estimated vulnerable before these patches rolled out.

Full text

Apple is rolling out iOS and iPadOS updates for older devices to protect them against the recently disclosed DarkSword exploit kit. A few weeks after the Coruna exploit kit came to light, iVerify, Google, and Lookout warned of another dangerous exploit kit targeting vulnerabilities in Apple’s mobile platforms. DarkSword, which is linked to Coruna by shared infrastructure, targets six iOS vulnerabilities, and it can allow attackers to fully compromise devices with minimal user interaction. Security firms warned that DarkSword has been used by both state-sponsored threat groups and commercial surveillance vendors. At least two Russian nation-state groups have been leveraging the exploit kit in their attacks. Apple released patches for the vulnerabilities exploited by DarkSword in 2025, and the owners of recent devices running the latest iOS versions have been protected for months. However, when DarkSword emerged last month, iVerify estimated that roughly 200 million devices running iOS versions between 18.4 and 18.6.2 may have been vulnerable.Advertisement. Scroll to continue reading. Apple announced on April 1 that it has now made the latest iOS 18 version (18.7.7), which includes the DarkSword patches, available for additional devices. “We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called DarkSword,” Apple wrote in its advisory. The iOS and iPadOS 18.7.7 updates address two dozen security flaws that could allow attackers to compromise devices or data, including kernel code execution, keychain access, activation lock bypass, and web browsing risks. The updates are now available for iPhones such as XR, XS, XS Max, 11, SE (2nd and 3rd generation), 12, 13, 15, 16, and 16e, and iPad models such as 5th Gen mini (A17 Pro), 7th Gen (A16), Air (3rd–5th Gen & 11″/13″ M2–M3), and Pro (11″ 1st Gen–M4 & 12.9″/13″ 3rd Gen–M4). Related: Apple Debuts Background Security Improvements With Fresh WebKit Patches Related: Apple Updates Legacy iOS Versions to Patch Coruna Exploits Related: Apple Patches iOS Zero-Day Exploited in ‘Extremely Sophisticated Attack’ Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Toy Giant Hasbro Hit by CyberattackExploited Zero-Day Among 21 Vulnerabilities Patched in ChromeFBI Warns of Data Security Risks From China-Made Mobile AppsGoogle Addresses Vertex Security Issues After Researchers Weaponize AI AgentsCensys Raises $70 Million for Internet Intelligence PlatformGoogle Slashes Quantum Resource Requirements for Breaking Cryptocurrency EncryptionHealthcare IT Platform CareCloud Probing Potential Data BreachEuropean Commission Reports Cyber Intrusion and Data Theft Latest News Cybersecurity M&A Roundup: 38 Deals Announced in March 2026Cisco Patches Critical and High-Severity Vulnerabilities250,000 Affected by Data Breach at Nacogdoches Memorial HospitalMercor Hit by LiteLLM Supply Chain AttackSophisticated CrystalX RAT EmergesVariance Raises $21.5M for Compliance Investigation Platform Powered by AI AgentsLinx Security Raises $50 Million for Identity Security and GovernanceDepthfirst Raises $80 Million in Series B Funding Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the MoveModerna has promoted Farzan Karimi to Deputy Chief Information Security Officer.Brian Goldfarb has been appointed Chief Marketing Officer at SentinelOne.Token has appointed Katy Nelson as Chief Revenue Officer.More People On The MoveExpert Insights The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle with Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How to 10x Your Vulnerability Management Program in the Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose a Critical Flaw in Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

• malware — DarkSword
• malware — Coruna

Entities