If you’ve been clinging to iOS 18 to avoid Apple’s Liquid Glass interface, you may be aware that it comes with a security trade-off that exposes your iPhone to vulnerabilities already fixed in iOS 26. But in some good news, Apple is rolling out a fresh version of iOS 18 that will protect newer iPhones from the “DarkSword” attack.
DarkSword can remotely install malware on iPhones running iOS 18.4 to 18.7. Apple released a patch in December via iOS 18.7.3, but only for the iPhone XS and XR, which don’t support iOS 26. Everyone else was encouraged to upgrade to iOS 26 to avoid DarkSword.
Adoption has been slow, however. An estimated 16% to 20% of newer iPhones are still running iOS 18. On social media, some users say they’ve been ducking iOS 26 precisely because of its controversial Liquid Glass interface, which has received mixed reviews for its translucent design.
(Credit: Apple)
So, as Wired first reported, Apple is taking the rare step of “backporting” its security patches. We’re up to iOS 18.7.7, released last week, also just for the iPhone XS and XR. But it’s now available for newer models, including the iPhone 11 through iPhone 16 and the second-gen iPhone SE, meaning they, too, get the DarkSword patch. Apple did the same with iPadOS 18.7.7.
“Users with Automatic Updates turned on can automatically receive important security protections from web attacks called DarkSword,” Apple says.
To manually install iOS 18.7.7 on your iPhone, navigate to Settings > General > Software Update. Scroll down to Also Available and tap iOS 18.7.7 and choose whether to install it now or later.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
(Credit: PCMag/Apple)
The threat of DarkSword has only grown after a user leaked the attack online, making it easy for other hackers to adopt and potentially improve it. Suspected Russian state-sponsored hackers have been sending phishing emails with a link to websites hosting the DarkSword exploit.
“Leaving those users exposed would be a hard decision to defend, particularly for a company that centers its brand around security and privacy,” said Rocky Cole, a co-founder of iVerify, one of the cybersecurity providers that investigated and warned about DarkSword. “Apple has found itself in a unique position now, where in the past, the vast majority of users upgraded to the latest iOS within 2 weeks of release, iOS 26 had a very public pushback against it.”
Recommended by Our Editors
In an updated support page, Apple wrote: “Devices with older versions of iOS 18 will receive an additional alert to install a Critical Security Update.”
However, some users say DarkSword pushed them to update to iOS 26 prior to Wednesday’s release. “I reluctantly updated to iOS 26.4 because of the exploit, and now they are releasing it for all devices,” wrote one disappointed user on Reddit.
For even older iPhones, Apple released a “software update for iOS 15 and iOS 16 on March 11, 2026, to extend protection to older devices that cannot update to the latest version of iOS.” The built-in Lockdown Mode can also protect against DarkSword and other attacks that exploit malicious web content.
About Our Expert
Michael Kan
Senior Reporter
Experience
I’ve been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I’m currently based in San Francisco, but previously spent over five years in China, covering the country’s technology sector.
Since 2020, I’ve covered the launch and explosive growth of SpaceX’s Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I’ve combed through FCC filings for the latest news and driven to remote corners of California to test Starlink’s cellular service.
I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. Earlier this year, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.
I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I’m now following how President Trump’s tariffs will affect the industry. I’m always eager to learn more, so please jump in the comments with feedback and send me tips.
Leave a comment