A silent threat has been lurking within millions of iPhones, a sophisticated exploit known as DarkSword. Its potential reach is staggering, impacting a vast number of users who may not even realize their devices are at risk.
The core of the problem lies in older iOS versions. Specifically, all iPhones running iOS 18 prior to version 18.7.3, and iOS 26 before 26.3, are vulnerable. While diligent users who consistently update their software are protected, a significant portion of the iPhone population remains exposed.
Many users simply don’t update frequently enough, unknowingly operating on outdated and insecure systems. Others have actively resisted the iOS 26 update, citing concerns over features like Liquid Glass or perceived performance drawbacks. This defiance, however, creates a dangerous security gap.
Apple’s usual security protocol dictates that devices running unsupported iOS versions eventually lose access to security updates. An iPhone capable of upgrading is typically forced to do so to remain protected. But a curious exception emerged with DarkSword, leaving some newer devices vulnerable even while running technically supported, older software.
For example, an iPhone 16 running iOS 18 received updates up to version 18.7.3, but missed crucial patches included in the later 18.7.7 release. This meant it remained susceptible to emerging threats, including potential DarkSword exploits. An older iPhone XS, unable to upgrade to iOS 26, could still receive the 18.7.7 update, but the iPhone 16 was left in a precarious position: update or remain vulnerable.
The situation has prompted a significant shift in Apple’s approach. Recognizing the widespread risk, the company announced a new security patch for all devices running iOS 18, even those unable to upgrade to the latest iOS 26. This decision underscores the severity of the DarkSword threat and the substantial number of users still relying on older software.
This move is unusual, demonstrating Apple’s willingness to prioritize security over its typical update policies. It acknowledges that forcing users to choose between a specific operating system and essential security updates is no longer a viable option. It’s also not an isolated incident.
Just weeks prior, Apple released patches for older iPhones to defend against the “Coruna” exploit kit, marking the second time in a month the company has extended security support to older iOS versions. This suggests a growing awareness of the need to protect a broader range of devices.
The new security patch is expected to be released around 10 a.m. PT (1 p.m. ET). Users with automatic updates enabled will receive it seamlessly. Those who prefer to manually install the update can find it in Settings > General > Software Updates.
This unexpected response to DarkSword highlights a critical reality: security vulnerabilities can impact a vast user base, forcing even the most steadfast companies to adapt and prioritize protection for all.