Apple Issues Rare iOS 18 Backported Patch to Block DarkSword iPhone Hack

iPhone with glowing shield deflecting DarkSword digital threat

In a rare departure from its update-or-else security philosophy, Apple has confirmed it will release backported security patches for iOS 18 to protect millions of iPhone users from DarkSword — a sophisticated one-click hacking tool that can silently take over any iPhone visiting an infected webpage.

What Is DarkSword?

First identified by the Google Threat Intelligence Group, DarkSword is a full-chain exploit kit that targets iPhones running iOS 18.4 through 18.7. The attack is devastatingly simple from the victim's perspective: visit a compromised website, and the toolkit silently exploits six different vulnerabilities in Safari and the iOS kernel to bypass all security protections and install data-stealing malware.

The toolkit was posted to GitHub last week, making it available to anyone with basic technical knowledge. Attacks have already been observed targeting users in China, Malaysia, Turkey, Saudi Arabia, and Ukraine.

Why Apple Is Breaking Its Own Rules

Apple has historically maintained a strict policy: if you want security patches, you must update to the latest iOS version. But an estimated 25% of iPhone users are still running iOS 18. Some are simply slow to update, while others are actively avoiding iOS 26 and its controversial Liquid Glass redesign.

This creates a dangerous security gap. Normally, Apple would tell these users to simply update to iOS 26, where the DarkSword vulnerabilities have already been patched. But with a quarter of the user base refusing to budge, Apple has made the pragmatic decision to meet them where they are.

The Backported Patch

The practice of "backporting" — creating security fixes for older software versions — is common in the enterprise world — a practice more common in enterprise software — but exceedingly rare for Apple's consumer products. The upcoming iOS 18 update will contain the same DarkSword protections already present in iOS 26, giving holdout users protection without forcing them to adopt the new interface.

The Bottom Line

Apple's decision to backport these patches is both pragmatic and telling. It signals that the company recognizes its Liquid Glass redesign has created an unusually large holdout population — and that leaving 25% of its users exposed to a publicly available exploit kit is an unacceptable risk, especially as digital safety regulations tighten globally. If you are still on iOS 18, watch for this update and install it immediately. DarkSword is not theoretical — it is actively being used in the wild.