Iphone 18 Backport: Apple Pushes iOS 18.7.7 Patch After DarkSword Phishing Surge
Apple has moved to patch devices running iphone 18 with a backported iOS 18. 7. 7 update after the DarkSword exploit began circulating publicly, Apple says. The update extends protections beyond the iPhone XS and XR to models from iPhone 11 through iPhone 16 and the second‑generation iPhone SE. Security firms warn phishing emails tied to a suspected Russia’s Federal Security Service campaign are now delivering links that load the DarkSword exploit in mobile browsers.
Iphone 18 Backport Brings Critical Fix to Newer Models
The iOS 18. 7. 7 release is a rare backport: Apple had issued earlier patches only for older models that cannot run iOS 26, and has now widened the fix so devices still on iphone 18 receive the DarkSword protection. DarkSword can remotely install malware on iPhones running iOS 18. 4 to 18. 7, making the patch urgent for users who kept their phones on iphone 18 to avoid the newer interface changes. Apple notes that users with Automatic Updates turned on can automatically receive these security protections for web attacks called DarkSword, and the company added an alert mechanism for devices on older iOS 18 builds to install a Critical Security Update.
To manually install the update on a phone still running iphone 18, navigate to Settings > General > Software Update, scroll to Also Available, tap iOS 18. 7. 7 and choose to install now or later. Apple also released a software update for iOS 15 and iOS 16 on March 11, 2026 ET to extend protection to older devices that cannot update to the latest version of iOS.
DarkSword Phishing Campaign and Immediate Reactions
Proofpoint detected phishing emails that include a link to sites hosting the DarkSword exploit and says the targeting appears aligned with international organizations of interest. “While activity from this [Russian] actor has historically been low volume, we’ve recently observed a modest increase, with campaigns reaching into the dozens of messages rather than single digits, ” Proofpoint says. A named individual who reported receiving one of the phishing emails is Leonid Volkov.
Security practitioners highlight the risk to devices that remain on iphone 18: the leak of DarkSword online has made it easier for other actors to adopt and modify the exploit, increasing the scale and speed of attacks. Rocky Cole, co‑founder of iVerify, said, “Leaving those users exposed would be a hard decision to defend, particularly for a company that centers its brand around security and privacy. ” Providers also note that built‑in Lockdown Mode can mitigate attacks that exploit malicious web content.
Quick Context and What Comes Next
Adoption of iOS 26 has been slower than past upgrades, in part because some users objected to the Liquid Glass interface and chose to stay on iphone 18. Apple initially issued patches only for models that cannot run the latest iOS and then expanded the backport as the exploit spread.
Expect Apple to push additional alerts to phones on older iOS builds and for security teams to monitor the phishing campaign closely; organizations should advise employees and stakeholders to update devices and exercise caution with unexpected emails that include links. For users still on iphone 18, installing iOS 18. 7. 7 and enabling Automatic Updates are the immediate steps Apple has provided to blunt DarkSword, and further mitigations may follow as defenders track the campaign.
