Apple has rolled out iOS 18.7.7 and iPadOS 18.7.7 updates, significantly expanding protections against the advanced DarkSword exploit chain. In addition, the update addresses multiple newly identified vulnerabilities, reinforcing device security across a broader range of iPhones and iPads.
Initially released on March 24, 2026, Apple reissued the update on April 1 to ensure wider availability. This move highlights the urgency of protecting users from ongoing web-based attacks tied to the DarkSword exploit chain. Notably, Apple rarely revisits point updates unless there is a critical security concern, making this re-release particularly significant.
DarkSword, first identified in March 2026, represents a sophisticated attack framework actively used in real-world scenarios. Security researchers from Lookout, iVerify, and Google Threat Intelligence Group uncovered the exploit chain. Their investigation revealed that attackers deployed it through watering-hole attacks targeting users in regions such as Ukraine, Saudi Arabia, Turkey, and Malaysia.
The exploit chain combines six vulnerabilities to achieve complete device compromise. Specifically, it begins with code execution via Safari, then escalates privileges to gain kernel-level access. Ultimately, attackers deploy data-stealing malware like GHOSTBLADE to extract sensitive information from infected devices.
Although Apple had already patched several of these vulnerabilities in earlier updates starting in late 2025, this latest release ensures broader coverage. Therefore, devices that may not have received prior fixes now benefit from enhanced protection against these sophisticated threats.
Furthermore, iOS 18.7.7 introduces patches for a wide range of additional security flaws across system components. For instance, CVE-2026-28865 addresses an authentication issue that could allow attackers to intercept network traffic. Similarly, CVE-2026-20637 resolves a memory-related flaw in AppleKeyStore that could cause system crashes.
In addition, the update fixes clipboard vulnerabilities that could expose sensitive data, as well as CoreMedia issues that could terminate processes through malicious media files. Apple also addressed a flaw in the iTunes Store that could allow a physical attacker to bypass Activation Lock.
Importantly, several kernel-level vulnerabilities have been patched, including issues related to memory disclosure, corruption, and state leakage. These flaws could otherwise lead to system crashes or unauthorized privilege escalation.
Moreover, WebKit updates play a crucial role in strengthening browser security. These patches prevent cross-site scripting attacks, enforce Content Security Policy more effectively, and stop DNS leaks even when Private Relay is enabled.
While Apple confirmed that fully updated devices are already protected against DarkSword attacks, this update ensures that a wider user base benefits from these fixes. Therefore, enabling automatic updates is highly recommended to maintain optimal device security.
Recommended Cyber Technology News:
- Zcash Privacy Platform Launched via Z Protocol & Core Deal
- Halcyon and HYCU Expand Cloud Security Against Attacks
- Platform Science Launches Trust Portal to Enhance Fleet Security Transparency
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
