Updates were Apple’s standard response to all iPhone security issues for many years. The company’s patching philosophy rested on the straightforward premise that if you wished to be protected, you updated. After each new release, older versions of iOS were left unsupported, carrying whatever vulnerabilities had accumulated. Given that the majority of its users have historically updated within a few weeks, Apple maintained this policy with the kind of quiet confidence that comes from knowing it made some engineering sense. With the arrival of DarkSword and a redesign known as Liquid Glass, hundreds of millions of iPhones found themselves in a situation for which Apple’s old strategy had no practical answer.
Most people agree that DarkSword is a really nasty piece of work. An iPhone running iOS 18.4 through 18.7 can be taken over by this full-chain exploit, which only requires steering the device to a compromised website. There are no dubious files to download. No permission dialog to dismiss. Simply visiting the wrong page. The threat was verified by security researchers who tested it on their own devices. By the time it began to circulate publicly on GitHub in late March, the code was available for anyone to read. According to WIRED, it was complete and included helpful developer comments outlining how it operated. Deploying it against targets had become very easy.
| Company | Apple Inc. |
|---|---|
| Headquarters | One Apple Park Way, Cupertino, California, USA |
| CEO | Tim Cook |
| Exploit Name | DarkSword |
| Vulnerability Type | Full-chain iOS exploit triggered via malicious website visits or phishing links; requires no user interaction beyond visiting a compromised page |
| iOS Versions Affected | iOS 18.4 through iOS 18.7 (devices capable of running iOS 26 left unpatched until April 2026) |
| Patch Released | iOS 18.7.7 (April 1, 2026) — backported for iPhone 11 through iPhone 16 and 2nd-gen iPhone SE |
| Estimated Devices at Risk | 221 million to 270 million iPhones |
| Known Threat Actors | Multiple hacker groups; suspected Russian FSB-linked group confirmed using DarkSword in phishing campaigns |
| Regions Targeted | Malaysia, Saudi Arabia, Turkey, Ukraine, and US-targeted English-language domains |
| Official Reference | support.apple.com |
In December, Apple released iOS 18.7.3, which patched DarkSword for older iPhones, namely the iPhone XS and XR, which are incompatible with iOS 26. The company’s advice to everyone else remained the same: update to iOS 26 and the issue is resolved. The problem was that even Apple’s most devoted customers were taken aback by what iOS 26 included. Rocky Cole of iVerify described the reaction to the translucent, visually overhauled “Liquid Glass” interface, which met with mixed reviews, as a “very public pushback.” After seeing the new design, millions of users quietly chose to stay put, making the familiar trade-off of security for aesthetics. It appears that Apple had not fully considered that calculation.
Security companies estimate that between 221 and 270 million iPhones are still running iOS 18. That is not a rounding error. That population, larger than most nations, is running software with a known in-the-wild exploit that is spreading to more hacker groups every week. Reports showed DarkSword had already been used against targets in Malaysia, Saudi Arabia, Turkey, and Ukraine before a suspected Russian group with ties to the FSB started using it as a weapon in phishing email campaigns targeting Western users. As late as last Thursday, an independent researcher discovered a new English-language website that appeared to be aimed at victims in the United States. The window was not shutting by itself.
As this develops, it is difficult to ignore the predicament Apple found itself in. More than almost any other tech company, its brand is built on the assurance of security and privacy. The advertising copy writes itself; the keynote slides lean into it. Meanwhile, hundreds of millions of users who had made a sensible consumer decision, declining a design they did not like, were exposed to a real, verifiable threat that was spreading through Telegram groups and open-source repositories. Before Apple took action, criticism from security researchers had been mounting for two weeks. That delay is worth noting.
With the release of iOS 18.7.7 on April 1, Apple extended DarkSword protection to the iPhone 11 through iPhone 16 and the second-generation iPhone SE. These devices are fully capable of running iOS 26, but the backported patch allows them to remain on iOS 18. The fix was applied automatically for users who had enabled automatic updates. Others found it under the quiet “Also Available” option in Settings, beneath the primary iOS 26 prompt. Apple did the same with iPadOS 18.7.7. This technique, referred to as “backporting” in security circles, entails taking a fix written for a newer operating system and adapting it to protect an older one. Apple has traditionally opposed doing this for devices that are capable of further upgrades.
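As an added example (not from the article or from Apple), here is a defender-side triage of a mobile-device inventory against the patch boundaries the article reports: iOS 18.4 through 18.7 affected, fixed in 18.7.3 for the XS/XR, 18.7.7 for iPhone 11 through 16 and the 2nd-gen SE, and iOS 26 for everything else. The model-name matching (including treating "iPhone XS Max" with the XS), the status labels and the inventory rows are constructed assumptions.

```python
import re
# Release boundaries as stated in the article.
AFFECTED_FROM = (18, 4)          # iOS 18.4 is the first affected release
FIX_LEGACY = (18, 7, 3)          # iPhone XS / XR fix (cannot run iOS 26)
FIX_BACKPORT = (18, 7, 7)        # iPhone 11 .. 16 and 2nd-gen SE backport
FIX_CURRENT = (26,)              # iOS 26 carries the fix for everyone else

def parse_version(text):
    """'18.7.7' -> (18, 7, 7); any trailing build identifier after a space is ignored."""
    return tuple(int(p) for p in text.split()[0].split("."))

def fixed_version(model):
    """Earliest fixed iOS 18 release for this model, or None if the article names no backport."""
    if model.startswith("iPhone XS") or model == "iPhone XR":   # cannot run iOS 26
        return FIX_LEGACY
    if model.startswith("iPhone SE (2nd"):                      # assumed MDM naming
        return FIX_BACKPORT
    m = re.match(r"iPhone (\d+)", model)                        # iPhone 11 .. iPhone 16 families
    if m and 11 <= int(m.group(1)) <= 16:
        return FIX_BACKPORT
    return None

def exposure(model, version):
    """Classify one device; anything not positively patched stays out of the 'patched' bucket."""
    v = parse_version(version)
    if v >= FIX_CURRENT:
        return "patched"
    if v < AFFECTED_FROM:
        return "outside-stated-range"   # 18.0-18.3 are not in the article's affected range
    fix = fixed_version(model)
    if fix is None:
        return "unknown-model"          # no backport named for it; do not assume it is fixed
    return "patched" if v >= fix else "exposed"

def triage(inventory):
    """Group serials by status so the exposed set can be pushed the update first."""
    buckets = {}
    for serial, model, version in inventory:
        buckets.setdefault(exposure(model, version), []).append(serial)
    return buckets

# Constructed sample inventory rows: (serial, model, reported iOS version).
SAMPLE = [
    ("A1", "iPhone 13", "18.6"),
    ("A2", "iPhone 15 Pro", "18.7.7"),
    ("A3", "iPhone XR", "18.7.2"),
    ("A4", "iPhone 16", "26.0.1"),
    ("A5", "iPhone SE (3rd generation)", "18.5"),
]
```

Note that a bare "18.7" sorts below "18.7.7" as a tuple, so devices reporting the base 18.7 release are correctly marked exposed.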
This could be a real, long-lasting change in Apple’s policy on security and user choice. It is also possible that this was a one-off, forced reaction to an unusually loud crisis, and that the old policy quietly returns once DarkSword fades from the news cycle. In its press release, Apple emphasized that iOS 26 remains the best option for the most complete security, but it stopped short of making backporting a standard procedure. The phrase “we’ll help you where you are, but we’d prefer you moved” likely captures the genuine tension inside the organization between engineering idealism and the messiness of actual user behavior.
Technical details aside, DarkSword has shown that users do not always follow vendor policy, and that “update or accept the risk” is not a complete security strategy when the number of non-updating users runs to nine figures. Apple found itself in a position where its principled stance was difficult to defend publicly. The patch is out now. Whether Apple builds a more deliberate framework for situations like this one, or waits for the next crisis to force the question again, will be worth watching.
