Listen to this Post

Introduction: A Critical Shift in Apple’s Security Strategy
Apple has taken a notable step to protect millions of iPhone users who have chosen to remain on iOS 18. In a move that signals both urgency and responsibility, the company has expanded the availability of its iOS 18.7.7 update to a much broader range of devices. This update is not just routine maintenance. It directly addresses the actively exploited DarkSword exploit kit, a sophisticated and increasingly widespread threat that has already impacted real-world targets.
For users who have delayed upgrading to newer operating systems, this decision provides a much-needed safety net. It also highlights a growing reality in mobile security: older systems are no longer safe by default, especially when powerful exploit kits become publicly accessible.
Summary: How DarkSword Became a Major iOS Threat
Apple confirmed that iOS 18.7.7 is now being rolled out to more devices, allowing users with automatic updates enabled to receive protections against web-based attacks linked to the DarkSword exploit kit. Interestingly, the vulnerabilities exploited by DarkSword were initially patched back in 2025, but the threat resurfaced in a more dangerous form as attackers began actively using the exploit chain.
The DarkSword exploit kit targets iPhones running iOS versions between 18.4 and 18.7. Researchers from Lookout, iVerify, and Google Threat Intelligence identified six vulnerabilities that power the exploit. These include CVE-2025-31277, CVE-2025-43529, CVE-2026-20700, CVE-2025-14174, CVE-2025-43510, and CVE-2025-43520.
Unlike traditional iOS exploits, which are often reserved for highly targeted surveillance campaigns, DarkSword has been deployed on a much wider scale. It has been linked to multiple threat actors, including a Turkish commercial surveillance vendor known as PARS Defense, as well as groups tracked as UNC6748 and UNC6353, with suspected ties to Russian espionage operations.
The attack chain is particularly dangerous because it deploys multiple malware families. Among them is GhostBlade, a highly aggressive JavaScript-based infostealer capable of harvesting sensitive user data. Alongside it are GhostKnife, a backdoor that enables persistent access, and GhostSaber, another JavaScript-based threat capable of executing arbitrary code and exfiltrating information.
Apple has been gradually addressing these vulnerabilities since mid-2025, starting with iOS 18.6. However, by late 2025, the company shifted focus toward newer operating systems, leaving many iOS 18 users with limited access to ongoing security patches. Devices capable of upgrading to newer versions stopped receiving updates for newly discovered vulnerabilities, including those tied to DarkSword.
The situation worsened when the DarkSword exploit kit was publicly released on GitHub. This dramatically lowered the barrier for cybercriminals, allowing less sophisticated attackers to weaponize the exploit against older iPhones.
With the release of iOS 18.7.7, Apple has reversed course by extending update support to a wide range of devices. This includes models from the iPhone XR all the way up to the iPhone 16 series, along with multiple iPad generations. Users who remain on iOS 18 can now receive critical protections without being forced to upgrade their operating system.
What Undercode Say: The Real Implications Behind Apple’s Move
A Rare but Strategic Backtrack
Apple’s decision to extend security updates to older systems is not typical. The company usually encourages rapid adoption of newer iOS versions and gradually phases out support for older ones. This move suggests that the DarkSword threat reached a level that Apple could not ignore, especially after the exploit kit became publicly available.
Exploit Kits Are Changing the Game
Traditionally, iOS exploits were expensive, rare, and used in targeted attacks. DarkSword breaks that pattern. Once an exploit kit becomes accessible on platforms like GitHub, it transforms into a scalable weapon. This shifts the threat model from targeted espionage to potential mass exploitation.
The Danger of Staying on Older Systems
Users often remain on older iOS versions for stability or compatibility reasons. However, this incident highlights a major risk. Even if vulnerabilities are patched once, new exploit chains can revive them in unexpected ways. Without consistent updates, older systems become easy targets.
Multi-Stage Malware Is the New Standard
The use of GhostBlade, GhostKnife, and GhostSaber together shows a layered attack strategy. Attackers are no longer relying on a single payload. Instead, they deploy multiple tools that handle data theft, persistence, and execution separately. This makes detection and removal significantly harder.
Public Exploit Releases Accelerate Threat Spread
The GitHub release of DarkSword is a turning point. It democratizes exploitation. Attackers no longer need advanced skills to compromise devices. This increases the volume of attacks and reduces the time between vulnerability discovery and real-world exploitation.
Apple’s Silent Acknowledgment of User Behavior
By extending updates, Apple is indirectly acknowledging that many users do not upgrade immediately. Whether due to storage limitations, app compatibility, or personal preference, a large portion of the user base remains on older versions. Ignoring them would create a massive security gap.
Security vs Ecosystem Control
Apple’s ecosystem thrives on control and uniformity. Supporting older systems longer introduces fragmentation, something Apple typically avoids. This decision suggests that security concerns are now outweighing ecosystem consistency in certain cases.
The Bigger Industry Signal
This move could influence other tech companies. If exploit kits targeting older systems become more common, vendors may need to extend security support timelines. The traditional lifecycle of software updates may no longer be sufficient in a world of rapidly evolving threats.
Fact Checker Results
✅ Apple did expand iOS 18.7.7 availability to more devices for security protection
✅ DarkSword exploit kit has been actively used and publicly disclosed
❌ No confirmed evidence that all listed threat actors are directly collaborating
Prediction
🔮 Expect more exploit kits targeting mobile platforms to become publicly available
🔮 Apple may extend limited security support windows for older iOS versions more frequently
🔮 Multi-stage mobile malware campaigns will become increasingly common and harder to detect
🕵️📝✔️Let’s dive deep and fact‑check.
References:
Reported By: www.bleepingcomputer.com
Extra Source Hub (Possible Sources for article):
https://www.digitaltrends.com
Wikipedia
OpenAi & Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
Bing
🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]
📢 Follow UndercodeNews & Stay Tuned:
𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon




