Apple on Wednesday expanded the availability of its iOS 18.7.7 and iPadOS 18.7.7 security updates to a wider range of devices, moving to patch critical vulnerabilities actively exploited by a surveillance tool known as DarkSword.
The update addresses a sophisticated zero-click exploit chain that allows an attacker to gain complete control over a target's iPhone or iPad without any user interaction. According to security disclosures, DarkSword leverages two primary flaws: a WebKit vulnerability (CVE-2026-1234) for initial code execution, often triggered by a specially crafted message, and a kernel vulnerability (CVE-2026-1235) to escalate privileges and take over the device.
Once compromised, a device is vulnerable to comprehensive surveillance, including data exfiltration, microphone and camera activation, and location tracking. The initial wave of attacks appears to have been highly targeted, focusing on journalists, activists, and political dissidents who often rely on tools like a VPN for communications security. While the patch is the only effective defense against this exploit, the incident underscores the advanced threats facing high-risk users.
Apple initially released the patch on March 25 for its newest devices after being privately notified of the active exploitation. The decision to broaden availability on April 1 followed public reporting on the exploit, ensuring that users with older supported models—such as the iPhone 13, 14, and 15 series—are also protected.
All users are strongly advised to install the update immediately by navigating to Settings > General > Software Update. Enabling Automatic Updates will ensure devices receive future critical patches as soon as they become available.
