Users staying on iOS 18 will get a patch for the worst iPhone attack vector we've ever seen

Following the emergence and public code leak of the severe DarkSword iPhone exploit, Apple is preparing to release a patch for users who choose to run iOS 18, so that they can be protected without upgrading to iOS 26.

On March 23, an exploit tool dubbed DarkSword was made publicly available on GitHub. While Apple has patched the exploit in iOS 26.3, and older devices stuck on previous versions of the operating systems, Apple is taking an extra step to help those who can update to iOS 26, but choose not to.

Rather than stick with the latest versions of those operating systems, Apple will also be "backporting" a patch, a spokesperson told Wired. This refers to the patching of an older operating system version, so that users can get the patch without updating their software in the normal fashion.

The intention is to protect the many users who haven't upgraded their iPhones to iOS 26 at all, even if their iPhone supports the newer version.

While the previous patches did apply to iOS 18, it was in a form meant only for those with hardware that supported iOS 18, but not iOS 26. This new patch is for those who have compatible devices, but don't want to use iOS 26.

The spokesperson explained that the iOS 18-specific update will be applied to all devices with auto-update enabled. For users who do not, they will still be able to manually apply the iOS 18 patch, or even upgrade to iOS 26.

AppleInsider strongly recommends that users update their devices to patch against DarkSword, even if they don't upgrade to iOS 26. Also, as usual, users should maintain good digital hygiene, including being aware of the safety or danger of links or file downloads.

Hack and Slash

DarkSword is an attack that goes after two iPhone vulnerabilities at the same time. The mechanics of the attack consist of the user opening malicious web content in Safari, which leads to full kernel control.

A successful attack will allow the attacker to break browser protections and access core parts of the operating system. This grants access to everything from stored data, messages, and photographs, with the capability to also track the device's location and activate the microphone and camera.

This is usually the remit of a highly sophisticated and targeted attack due to the resources it consumes. However, after becoming available for anyone to download on GitHub, DarkSword became more widespread, and a considerably bigger danger to users.