Apple Extends iOS 18 Patches After DarkSword Exploit Kit Targets Legacy Devices
What Happened — Apple announced that the fixes in iOS 18.7.7 will be back‑ported to a broad set of older iPhone and iPad models to mitigate the DarkSword exploit kit, which has been in active use against targets since 2025. The move marks a rare policy shift: devices that have not upgraded to iOS 26 still receive critical security fixes instead of being left on a vulnerable release.
Why It Matters for TPRM —
- Legacy iOS devices remain common in enterprise BYOD programmes, so every unpatched handset a vendor's staff carry extends the third‑party attack surface.
- Unpatched mobile endpoints can become conduits for data exfiltration, credential theft, and lateral movement into corporate networks through the sessions, tokens and VPN profiles they hold.
- Vendors that rely on Apple’s ecosystem must reassess their patch‑management controls and verify that automatic updates are actually enforced on user devices (via MDM where possible) rather than left to individual end‑users.
Who Is Affected — Consumer electronics, enterprise BYOD programs, mobile‑app developers, and any third‑party service that processes data on iOS 18 devices.
Recommended Actions —
- Verify that all contracted vendors enforce automatic iOS updates or provide a remediation plan for devices stuck on iOS 18.
- Update mobile device management (MDM) policies to require iOS 18.7.7 or later for all Apple devices, and treat devices that cannot reach that version (still on an earlier major release, or no longer supported by Apple) as non‑compliant until upgraded or replaced.
- Conduct a risk assessment of data flows that traverse iOS 18 endpoints and consider additional encryption or tokenisation.
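The MDM policy check above comes down to comparing each device's reported OS version against the 18.7.7 floor and deciding what to do with devices that cannot meet it. The script below is an added example, not code from the advisory or from any MDM vendor: it classifies rows of a device inventory (the field names device_id, model and os_version, and the sample rows, are constructed here; map them to your own export) and, because OS versions are dotted numbers and not strings, compares them component by component so that a naive string sort never ranks a later release below an earlier one.

```python
"""Audit an MDM device inventory against the iOS 18.7.7 patch floor.

Added example (not the advisory's or any vendor's code). SAMPLE_INVENTORY is
constructed data in the shape of a typical JSON export after json.load();
rename the fields to match your MDM's export.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Minimum patched release per major train, taken from the advisory: devices on
# the iOS 18 train must be on 18.7.7 or later. The advisory gives no build
# number for iOS 26, so no floor is assumed for it here; add one from Apple's
# current release notes when you enforce that train.
PATCH_FLOORS: Dict[int, str] = {18: "18.7.7"}

_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)")


def parse_version(text: str) -> Optional[Version]:
    """'18.7.7' -> (18, 7, 7). Returns None for empty or garbage strings.
    Anything after the dotted number (e.g. a build tag in parentheses) is ignored."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def version_at_least(v: Version, floor: Version) -> bool:
    """Numeric, component-wise comparison with zero padding: (18, 7) equals
    (18, 7, 0) and (18, 10) is above (18, 9). Plain string comparison would
    rank '18.10' below '18.9' and silently pass an unpatched device."""
    n = max(len(v), len(floor))
    return v + (0,) * (n - len(v)) >= floor + (0,) * (n - len(floor))


def classify(os_version: str, floors: Dict[int, str] = PATCH_FLOORS) -> str:
    """Map one device's reported OS version to an audit status."""
    v = parse_version(os_version)
    if v is None:
        return "unknown"            # no usable version string: treat as non-compliant
    major = v[0]
    if major in floors:
        floor = parse_version(floors[major])
        assert floor is not None, "PATCH_FLOORS must hold parseable versions"
        return "compliant" if version_at_least(v, floor) else "needs_update"
    if major < min(floors):
        return "unsupported_train"  # e.g. iOS 17: cannot take 18.7.7 without a major upgrade
    return "newer_train"            # e.g. iOS 26: outside this floor table, check separately


def audit(inventory: List[Dict[str, str]],
          floors: Dict[int, str] = PATCH_FLOORS) -> Dict[str, List[str]]:
    """Group device IDs by status."""
    report: Dict[str, List[str]] = {}
    for row in inventory:
        status = classify(row.get("os_version", ""), floors)
        report.setdefault(status, []).append(row["device_id"])
    return report


def follow_up_ids(report: Dict[str, List[str]]) -> List[str]:
    """Every device that is not positively compliant needs an action or an exception."""
    return sorted(i for status, ids in report.items() if status != "compliant" for i in ids)


# Constructed sample export; these are not real devices or real vendor data.
SAMPLE_INVENTORY: List[Dict[str, str]] = [
    {"device_id": "ip-001", "model": "iPhone", "os_version": "18.7.7"},
    {"device_id": "ip-002", "model": "iPhone", "os_version": "18.6.2"},
    {"device_id": "ip-003", "model": "iPad",   "os_version": "17.7.2"},
    {"device_id": "ip-004", "model": "iPhone", "os_version": "26.1"},
    {"device_id": "ip-005", "model": "iPad",   "os_version": ""},
]

if __name__ == "__main__":
    report = audit(SAMPLE_INVENTORY)
    for status, ids in sorted(report.items()):
        print(f"{status:18s} {len(ids):3d}  {', '.join(ids)}")
    print("follow up:", ", ".join(follow_up_ids(report)))
```

Devices reported as "newer_train" are not a pass: the table only encodes the floor this advisory names, so anything on iOS 26 must be checked against Apple's current release for that train. Devices with an empty or unparseable version are deliberately counted as non-compliant, since an MDM that cannot read the OS version usually cannot enforce updates on that device either.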
Technical Notes — The DarkSword kit exploits a chain of web‑based vulnerabilities in iOS 18’s WebKit component, achieving remote code execution and data theft once a user follows a malicious link and the page is rendered. Apple’s fix was originally released in 2025 for iOS 26 and has now been back‑ported in iOS 18.7.7. No CVE numbers were disclosed in the public statement, so patch verification has to rely on the installed OS version rather than on matching CVE identifiers in a vulnerability scanner. Source: Help Net Security