Apple has rolled out an emergency security update for older iPhone and iPad models to block a spyware threat known as DarkSword. The move matters because the attack can hit devices through a web page alone, which means users do not need to install a suspicious app or tap a malicious file to become exposed.
The company has released iOS 18.7.7 and iPadOS 18.7.7 as a protective fix for devices that no longer run the latest major software version. According to TechCrunch, the patch targets a security flaw that DarkSword has used against versions from iOS 18.4 to iOS 18.7.
Why Apple moved fast
DarkSword stands out because of how quietly it works. The threat can exploit a vulnerable device simply by luring the user to a compromised website, then it can steal private messages, browsing history, location data, and even cryptocurrency-related information.
That makes the threat especially dangerous for people who use older hardware and may not always upgrade to the newest release. Apple’s new update gives those users a way to close the hole without replacing their phones or tablets.
Cybersecurity researchers have also warned that the risk is increasing because DarkSword exploit code has reportedly circulated online. Once that code spreads, more attackers can try to use the flaw, including those with limited technical ability.
Who needs to install the update
The emergency patch is aimed at older devices that cannot, or have not yet, moved to iOS 26. Apple said devices already running its newest software were protected earlier, but the company still chose to publish a separate fix for iOS 18 users.
That decision is important because many people keep their older iPhone and iPad models for longer than one upgrade cycle. In that situation, security support becomes as valuable as new features, since a single unpatched flaw can leave a device exposed.
Here is a simple view of the current protection status:
| Device/System status | Protection against DarkSword |
|---|---|
| iOS 26 and later | Already protected |
| iOS 18.4 to iOS 18.7 | Vulnerable before the patch |
| iOS 18.7.7 / iPadOS 18.7.7 | Patched and safer |
How DarkSword attacks work
Apple’s warning points to a web-based attack path, which is a major concern for everyday users. A person can be targeted just by visiting a site that has been injected with malicious code, making the threat harder to spot than a fake app or obvious phishing message.
That type of attack often uses flaws in how the browser or system processes web content. When that happens, the attacker may gain access to sensitive data without the user noticing any obvious sign at the moment of compromise.
Reports linked to DarkSword also suggest that it has already been used in campaigns across several countries. Those countries include China, Malaysia, Türkiye, Saudi Arabia, and Ukraine, which shows the threat has had a broad reach.
What Apple says about extra protection
Apple also pointed to Lockdown Mode as another layer of defense against advanced spyware. The company designed the feature for users who need stronger protection, especially those who may face targeted attacks because of their work or public profile.
Lockdown Mode reduces certain functions on the device to narrow the attack surface. Apple says it has not seen a successful spyware attack against devices with the feature enabled, though the setting is not meant for everyone because it can limit normal device behavior.
The feature can be useful for journalists, activists, executives, and other high-risk users. For these groups, reducing exposure can matter as much as installing the latest patch.
What users should do now
Apple’s emergency update is effective only if users install it. That means checking the software update menu on the device and downloading the new version as soon as it appears.
Users should also keep basic digital hygiene in place, since no security patch can remove every risk. Avoiding suspicious links, staying away from unknown websites, and being careful with messages from unfamiliar sources remain essential.
For older iPhone and iPad owners, the release is a reminder that software support still plays a major role in device safety. Even when a phone is no longer on the newest operating system, Apple’s latest patch shows that older devices can still receive meaningful protection against active threats.
What makes this update significant
The broader significance goes beyond one spyware campaign. Apple’s move shows that legacy devices remain a serious part of the security picture, especially when attackers look for systems that have not fully moved to the newest software.
That matters because many users delay upgrades for practical reasons, including battery life, app compatibility, or the cost of replacement. Emergency patches like iOS 18.7.7 and iPadOS 18.7.7 help reduce that gap and keep more users protected while they continue using older hardware.
Security experts often stress that fast patching is one of the simplest ways to reduce risk from active exploits. In this case, the update closes a doorway that DarkSword was reportedly able to use through the web, and it gives older iPhone and iPad owners a much better line of defense against a threat that has already moved beyond theory and into real-world attacks.
