iOS 18.4–18.7 spyware patch alert

- Apple quietly widened iOS 18.7.7 on April 1, 2026 so more iPhones still on iOS 18 could get DarkSword web-attack protections automatically. (support.apple.com)
- The trigger was DarkSword — an iPhone exploit chain tied to six bugs, used since at least November 2025 by spyware vendors and state-backed groups. (cloud.google.com)
- This matters because older iOS 18 builds now get a critical-update prompt, and Apple says fully updated devices were not at risk. (support.apple.com)

This is an iPhone security story, not a feature update story. The risk is simple — if you stayed on an older iOS 18 release, a malicious website could (support.apple.com)d already fixed pieces of this exploit chain in newer software, but a lot of people were still sitting on older iOS 18 builds. What changed is that App(cloud.google.com)ging users to update. (support.apple.com)

### What is DarkSword?

DarkSword is the name re(support.apple.com)ence of bugs chained together so an attacker can move from a malicious webpage to deep device compromise. Google, Lookout, and others tied it to attacks in the wild, and Google said multiple threat actors adopted the same chain rather than building their own from scratch. That reuse is the scary part — once a good exploit kit exists, it spreads. (cloud.google.com)

### Who was using it?

This was not framed as (support.apple.com)Sword use to commercial surveillance vendors and suspected state-backed groups, including campaigns tied to Ukraine-focused targeting. Apple’s own mercenary-spyware guidance matters here — these attacks usually hit a small number of people, but they are expensive, deliberate, and serious when they land. (cloud.google.com)

### Which iPhones were exposed?

The exposed w(cloud.google.com)rough 18.7 range, with some reports narrowing that to older point releases like 18.6.2 or 18.7.2. Apple’s fix path tells the practical story better than the version archaeology: if you were not on the latest available build for your device, you needed to update. Apple now lists iOS 18.7.8 as the latest iOS 18 branch release and iOS 26.4.2 as the current mainline release. (thehackernews.com) released iOS 18.7.7 on March 24, 2026. Then, on April 1, it enabled that same update for more devices so Automatic Updates could push the protections more broadly. Apple says the DarkSword-related fixes first shipped in 2025, which means some users were technically protected already — but only if they had kept up with updates. (support.apple.com)

### Why the extra alert now?

Because Apple seems to have decided that passive nudges were not enough. In its April 14 support note, Ap(thehackernews.com)al Security Update. That is Apple saying, in a very Apple way, stop putting this off. (support.apple.com)

### Does this mean everyone was being spied on?

No — and that distinction matters. Mercenary spyware and exploit chains like this usually target a tiny slice of users. But the catch is that “rare” does not mean “ignore it.” If(support.apple.com)oring but effective: update fast, keep Safari protections on, and use Lockdown Mode if you are in a higher-risk group. Apple says devices on current software were not at risk from these reported attacks. (support.apple.com)

### So what should you do?

If your iPhone can run iOS 2(support.apple.com)OS 18, make sure you are at least on the latest 18.7.x release available to your device. And if you are still on some older iOS 18 point release because “I’ll do it later,” this is the kind of patch warning that is actually about security, not cleanup. (support.apple.com)

### Bottom line

The real news is not that Apple found bugs — that happens constantly. It is that an in-the-wild spyware-grade web exploit pushed Apple to widen backported protec(support.apple.com)arnings at anyone who had not updated yet. (support.apple.com)
