Apple Issues Rare Backported Security Patches for iOS 18 Users Amid DarkSword Hacking Surge

Facing mounting pressure from cybersecurity experts and a growing wave of sophisticated iPhone hacking campaigns, Apple has made an unprecedented policy shift: the company will now distribute rare "backported" security patches to protect users still running iOS 18, the operating system released before its latest iOS 26 update. This decision comes after the emergence of DarkSword, a powerful hacking tool capable of silently hijacking vulnerable iPhones when users visit compromised websites. While iOS 26 users were already shielded from DarkSword, Apple’s new patch—scheduled for release on Wednesday morning—specifically targets the millions of iPhone owners who have resisted upgrading due to performance concerns, feature dissatisfaction, or compatibility issues.

Why Apple’s Rare Backporting Move Signals a Security Policy Shift

Apple’s decision to issue backported patches for iOS 18 marks a significant departure from its long-standing security strategy, which historically prioritized pushing users toward the latest operating system rather than maintaining older versions. For years, Apple has positioned iOS as a fortress against cyber threats, arguing that its tightly controlled ecosystem and rapid patching cadence make iPhone hacking a rare occurrence targeting only high-risk individuals. However, the simultaneous revelation of two advanced iPhone exploitation toolkits—DarkSword in late March and Coruna in early March—has exposed critical vulnerabilities in that narrative. Security researchers warn that these tools, once developed for state-sponsored espionage, are now proliferating among cybercriminals, turning once-theoretical risks into active threats for everyday users.

The Rise of DarkSword: A Hacking Tool with Global Reach

DarkSword first came to light on March 20, 2025, when Google’s Threat Analysis Group (TAG) and cybersecurity firms iVerify and Lookout jointly disclosed its existence. Unlike traditional malware that requires user interaction, DarkSword operates stealthily, exploiting a zero-day vulnerability in iOS 18’s WebKit browser engine to execute malicious code when users unknowingly visit an infected website. Researchers found evidence of DarkSword attacks in Malaysia, Saudi Arabia, Turkey, and Ukraine, with hackers leveraging the tool for espionage, cryptocurrency theft, and data exfiltration. Compounding the threat, DarkSword’s source code was published on GitHub a week later, democratizing access to the exploit for any cybercriminal with basic technical skills. By March 27, security firms Malforus and Proofpoint had identified Russian state-linked hacker groups—including one tied to Russia’s FSB intelligence agency—using DarkSword in phishing campaigns targeting Western users.

The tool’s rapid spread and adaptability underscore a troubling trend in mobile cybersecurity: once-exclusive exploits are now commoditized, lowering the barrier for even low-skilled attackers. Independent researcher Johnny Franks discovered an active DarkSword campaign as recently as March 26, involving a fraudulent English-language website designed to infect U.S.-based iPhone users. Mobile security firm iVerify confirmed Franks’ findings, highlighting how DarkSword’s modular design allows hackers to repurpose it for diverse malicious activities, from credential harvesting to surveillance.

The iOS 18 Holdout Dilemma: Why Some Users Refuse to Upgrade

Despite the clear and present danger posed by DarkSword, approximately 25% of iPhone users were still running iOS 18 as of February 2025, according to data from analytics firm Mixpanel. For many of these holdouts, the decision to avoid iOS 26 stems from deep dissatisfaction with its controversial design overhaul, dubbed "Liquid Glass" by critics. Introduced in September 2024, iOS 26’s fluid animations, translucent UI elements, and radical visual changes have drawn widespread backlash, with users complaining of sluggish performance, reduced battery life, and a jarring departure from iOS’s traditional aesthetic. On Reddit communities like r/jailbreak and r/iOS, threads discussing DarkSword devolved into debates over Apple’s perceived coercion.

Apple is trying to force you onto the dumpster fire that is liquid glass."

Others resist upgrading due to practical barriers. Some rely on legacy or custom apps incompatible with iOS 26, while others lack sufficient storage space for the update. In the United Kingdom, iOS 26’s new age-verification features have also sparked resistance among users who prefer the privacy of iOS 18’s less restrictive policies. Rocky Cole, cofounder of iVerify, notes that these holdouts represent a significant security gap. "Apple left a very large number of people vulnerable for a pretty long time," Cole says. "As to why they didn't backport fixes until now, I don't know. This is a severe enough problem that it merited doing it."

Apple’s Historic Reluctance to Backport Patches: A Security Trade-Off

Apple’s long-standing policy has been to focus security resources on the latest iOS version, arguing that older systems lack the infrastructure to support sustained updates. This approach aligns with Apple’s broader strategy of encouraging users to adopt newer software, which benefits from improved performance, privacy features, and hardware integration. However, the company’s stance has drawn criticism from cybersecurity advocates who argue that abandoning older versions leaves users—particularly those in regions with limited internet access or older devices—exposed to preventable risks. Patrick Wardle, a former NSA hacker and CEO of security firm DoubleYou, has been a vocal critic of Apple’s patching practices.

Apple is now, finally, doing this for the DarkSword exploits, but only after they were already being abused by other attackers, putting iOS users at risk. If protecting users actually matters, backporting critical fixes should be standard, not the exception.

Wardle’s criticism reflects a growing consensus that Apple’s patching strategy is reactive rather than proactive. The company’s delayed response to Coruna, another advanced iOS exploitation kit revealed in early March 2025, further illustrates this pattern. Coruna, which was initially developed for U.S. government use, spread rapidly among Russian espionage hackers and cybercriminals before Apple issued patches for iOS 17, the even older operating system vulnerable to its attacks. Like DarkSword, Coruna exploited flaws in iOS’s browser engine, allowing attackers to execute arbitrary code on compromised devices.

The Broader Implications: How DarkSword and Coruna Redefine iOS Threat Landscape

The emergence of DarkSword and Coruna represents a watershed moment for iOS security, signaling the end of an era where iPhones were considered impenetrable to all but the most sophisticated attackers. Both toolkits demonstrate how zero-day vulnerabilities in core iOS components—particularly WebKit—can be weaponized at scale, with devastating consequences. Security researchers warn that these exploits are likely just the beginning, as cybercriminals increasingly target mobile devices amid the global surge in remote work and digital transactions. The publication of DarkSword’s source code on GitHub has further lowered the barrier to entry, enabling even script kiddies to launch sophisticated iOS attacks.

What This Means for iPhone Users Moving Forward

Apple’s decision to issue backported patches for iOS 18 users is a tacit acknowledgment that its "update or be exposed" security model is unsustainable in an era of proliferating mobile threats. Moving forward, users can expect a more nuanced approach to patching, with Apple potentially prioritizing critical fixes for older versions when faced with active exploitation campaigns. However, the company has not committed to a formal policy change, leaving many questions unanswered. For now, users have two options: accept Apple’s latest security patches for iOS 18 or upgrade to iOS 26 for comprehensive protection. The company strongly encourages the latter, emphasizing that iOS 26 includes "the most advanced protections" against emerging threats.

• Apple will release emergency security patches for iOS 18 on Wednesday to address the DarkSword hacking tool, marking a rare shift in the company’s patching policy.
• DarkSword, a stealthy iOS exploit capable of hijacking iPhones via malicious websites, has spread globally and is now accessible to low-skilled attackers after its source code was published on GitHub.
• Nearly 25% of iPhone users remain on iOS 18 due to dissatisfaction with iOS 26’s "Liquid Glass" design, compatibility issues, or storage constraints, leaving them vulnerable to DarkSword.
• This is the second time in a month Apple has issued backported patches, following the revelation of Coruna, another advanced iOS exploitation kit linked to state-sponsored hackers.
• Critics argue Apple’s delayed response underscores a broader failure to proactively protect users who cannot or will not upgrade, highlighting tensions between usability and security.

Legal and Ethical Considerations: Who Bears Responsibility for Exposed Users?

The DarkSword and Coruna incidents raise pressing questions about corporate accountability in the digital age. While Apple has framed its patching decisions as a matter of user choice, cybersecurity experts argue that the company bears ultimate responsibility for the security of its ecosystem. The European Union’s Digital Markets Act (DMA), which took full effect in March 2025, imposes stricter obligations on tech giants like Apple to ensure the security of older software versions. Failure to comply could result in hefty fines or mandatory changes to iOS patching policies. Meanwhile, in the United States, lawmakers have increasingly scrutinized Apple’s security practices, particularly in the wake of high-profile data breaches and state-sponsored hacking campaigns.

How to Protect Your iPhone: A Step-by-Step Guide

For users who have resisted upgrading to iOS 26 or are still on iOS 18, taking immediate action is critical to mitigating the risk of DarkSword infections. Here’s what experts recommend:

1. Enable Automatic Updates for iOS 18

Apple’s upcoming security patch for iOS 18 will be delivered automatically to users with auto-update enabled. If you haven’t already, navigate to Settings > General > Software Update > Automatic Updates and toggle on "Download iOS Updates" and "Install iOS Updates."

2. Manually Update to the Latest iOS 18 Version

If auto-update is disabled, manually check for updates by going to Settings > General > Software Update. Download and install the latest version of iOS 18, which will include the DarkSword patch. Note that this update does not include iOS 26’s features or design changes.

3. Consider Upgrading to iOS 26 (If Possible)

While the iOS 18 patch addresses the DarkSword vulnerability, iOS 26 offers broader security protections, including fixes for Coruna and other known exploits. Before upgrading, check app compatibility and ensure you have at least 5GB of free storage. To update, go to Settings > General > Software Update and select iOS 26.

4. Avoid Suspicious Websites and Links

DarkSword exploits are triggered by visiting compromised websites. Be cautious of links in unsolicited emails, text messages, or social media posts, especially those from unknown senders. Use a reputable ad-blocker or security-focused browser extension to reduce exposure to malicious sites.

The Road Ahead: Will Apple Formalize Its Backporting Policy?

Apple’s decision to issue backported patches for iOS 18 is a positive step, but it remains to be seen whether the company will adopt a formal policy to protect older versions proactively. Industry analysts suggest that the company may introduce a tiered patching system, prioritizing critical fixes for widely used iOS versions while continuing to encourage upgrades to the latest software. However, such a shift would require significant investment in infrastructure and support for older systems—a challenge Apple has historically avoided. For now, users must navigate a fragmented security landscape, balancing the risks of outdated software against the frustrations of forced upgrades.