Apple Issues Urgent Update to Block DarkSword Cyberattacks

Apple has issued an urgent warning to millions of iPhone users, urging them to act immediately after discovering a sophisticated cyberattack method known as DarkSword. The tech giant released an emergency update—iOS 18.7.7 and iPadOS 18.7.7—to address vulnerabilities that could allow hackers to install malicious software on devices. This update is now available to a broader range of users, including those who have not yet upgraded to the latest iOS versions. Apple emphasized that the patch contains "critical protections" against web-based attacks, which have been exploited since 2025.

The DarkSword exploit kit, first identified in 2025, targets vulnerabilities in Apple devices by tricking users into visiting legitimate websites infected with malicious code. This tactic, known as a "watering hole attack," allows hackers to secretly install malware on devices without user interaction. Once activated, the malware can create hidden backdoors, enabling long-term surveillance and data theft. Security experts warn that a newer version of the tool has now leaked online, increasing the risk of widespread attacks.

"DarkSword silently steals vast amounts of user data simply because the user visited a real, but compromised, website," said Rocky Cole, co-founder of cybersecurity firm iVerify. He noted that the exploit chains together six separate flaws in iOS and Safari, making it particularly dangerous. The malware can access sensitive information such as text messages, call history, photos, and even iCloud files. In some cases, attackers have created fake websites or apps—like a lookalike version of Snapchat—to lure victims.

Cybersecurity firms, including Google's Threat Intelligence Group and Lookout, have confirmed that DarkSword has been used in attacks targeting users in Saudi Arabia, Turkey, Malaysia, and Ukraine since July 2025. These attacks often involve hacking legitimate websites, including government portals, to deploy malware. One variant, called "Ghostblade," is designed to steal cryptocurrency wallets and financial data, highlighting the exploit's potential to target digital assets.

Apple initially released the iOS 18.7.7 update on March 24, 2026, but limited it to older devices. Now, the company has expanded the update to cover a wider range of iPhones and iPads, including those still running older software versions. An Apple spokesperson told WIRED that this move was "unusual" but necessary to protect users who have not upgraded to the latest iOS 26 or newer versions of iOS 18.

Users are advised to enable Lockdown Mode—a security feature designed to block advanced threats—to further protect their devices. To activate it, users must navigate to Settings > Privacy & Security > Lockdown Mode and follow the prompts. Apple has also begun sending lock screen warnings to users running outdated software, urging them to install updates immediately. Experts warn that failing to do so could leave devices vulnerable to data theft and long-term surveillance.

Why are journalists, activists, and others handling sensitive information being specifically targeted? Could this be the start of a larger trend in cyber espionage? As Apple expands its update rollout, users are left with no choice but to prioritize security—because in the world of cyberattacks, one misstep can mean the loss of everything.