Apple has urgently rolled out an emergency iOS update, advising millions of iPhone users to download it without delay.

The tech giant has extended the reach of its iOS 18.7.7 and iPadOS 18.7.7 updates to a broader spectrum of devices, emphasizing that these updates are crucial for safeguarding against a cyberattack technique dubbed DarkSword.

According to Apple, these updates will ensure that more users with automatic updates enabled are shielded from what it calls web-based assaults.

The DarkSword exploit kit, which surfaced in 2025, is engineered to target vulnerable Apple devices and covertly install harmful software.

Security experts reveal that the attack is initiated when users visit a legitimate website that has been surreptitiously infected with malicious code, a strategy referred to as a ‘watering hole attack.’

Once the malware is activated, it can create hidden backdoors, granting hackers prolonged access to the device and the ability to pilfer sensitive data.

Experts warned that a newer version of the hacking tool has now leaked online, raising fears that additional cybercriminal groups could begin using it in broader attacks.

Users who believe they may be targets of such attacks, particularly journalists, activists or those handling sensitive information, are advised to enable Apple’s Lockdown Mode by going to Settings, selecting Privacy & Security, tapping Lockdown Mode and following the prompts to turn it on and restart their device. 

Apple expanded the availability of its iOS 18.7.7 and iPadOS 18.7.7 updates to a much wider range of devices, warning that the software contains critical protections against a cyberattack method known as DarkSword 

Cybersecurity firms, including Google’s Threat Intelligence Group and Lookout, previously revealed that the DarkSword toolkit has been used in attacks targeting users in Saudi Arabia, Turkey, Malaysia, and Ukraine since July 2025.

The team found that it takes advantage of several hidden weaknesses in iPhones and the Safari browser. 

This allows attackers to secretly install malware on a device, another reminder of why keeping your phone updated is crucial.

In some cases, attackers created fake websites or apps to trick people, such as a lookalike version of Snapchat, while in others they hacked legitimate websites, including a government site.

Once a phone is infected, hackers can install different types of spyware depending on their goal.

One version, called ‘Ghostblade,’ is designed to steal huge amounts of personal information.

This includes text messages, call history, contacts, photos, emails, passwords, location data, browsing history and even files stored in iCloud.

It can also access messages from apps like WhatsApp and Telegram.

DarkSword chains together six separate flaws in iOS and Safari, allowing attackers to quietly install malware on targeted devices, highlighting the critical importance of keeping software up to date

The malware looks for cryptocurrency apps and wallets, meaning it can potentially steal digital assets or sensitive financial data.

Apple initially released the iOS 18.7.7 update on March 24, 2026, but at the time, it was limited to a small number of older devices.

The tech giant has now expanded the update to cover a much wider range of iPhones and iPads, including devices capable of upgrading to newer operating systems but still running older versions.

In a statement shared with WIRED, an Apple spokesperson said the company made the unusual move to expand the update to protect users who have not yet upgraded to the latest software.

Users without automatic updates enabled can manually install the patch by updating their device to the latest secure version of iOS 18 or upgrading to iOS 26.

Cybersecurity researchers say the threat highlights growing concerns that sophisticated spyware targeting iPhones is becoming more common.

‘DarkSword silently steals vast amounts of user data simply because the user visited a real, but compromised, website,’ said Rocky Cole, co-founder of cybersecurity firm iVerify.

Apple has also begun sending lock screen warnings to some users running outdated software, urging them to install updates immediately.

Experts warned that failing to install the patch could leave devices vulnerable to data theft and long-term surveillance.