Apple is finally giving iOS 18 holdouts a security patch for DarkSword, a move that closes an awkward gap for people whose phones could run iOS 26 but still hadn’t moved on. The company had already patched newer systems, but some supported devices were left relying on the upgrade path rather than a direct fix. That is a nice theory until a live exploit shows up on GitHub.
According to Wired, Apple will release the iOS 18 update on Wednesday morning, and the patch is meant to bring the same protections already available in iOS 26. Apple says users with auto-update enabled will receive the security fix automatically, while people who have updates turned off will be able to choose between the latest patched version of iOS 18 and iOS 26.
Which devices Apple already patched
The company has been pushing emergency updates across older branches after two separate exploits, Coruna and DarkSword, were used to chain vulnerabilities and compromise devices. In most cases, the attacks used WebKit as the entry point before escalating from there, which is a familiar Apple headache: the browser engine stays a popular target because it sits in front of so much of the web.
- iOS 15.8.7 and iPadOS 15.8.7: iPhone 6s, iPhone 7, iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), iPod touch (7th generation)
- iOS 16.7.15 and iPadOS 16.7.15: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, iPad Pro 12.9-inch 1st generation
- iOS 18.7.7 and iPadOS 18.7.7: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Why the iOS 18 backport matters
The odd part was that Apple had patched iOS 18 only for devices that cannot run iOS 26, leaving supported hardware exposed if users simply hadn’t upgraded yet. That creates a very Apple-shaped security problem: the most capable devices can still be the most vulnerable if their owners sit on an older release. Backporting the fix removes that mismatch and should blunt the risk for the long tail of holdouts.
Apple also appears to be reacting to the exploit’s wider circulation. DarkSword was posted to GitHub last week, making it easier for attackers to study and reuse, which tends to shorten the window between proof-of-concept and real-world abuse. For users, the advice is boring but correct: install the update as soon as it appears, or move to iOS 26 if your device supports it.
What users will see next
The practical question now is whether Apple will keep treating older branches as a first-class security target or keep nudging everyone toward the newest release as the default answer. If the company wants fewer exposed devices sitting on compatible hardware, this is the right play. The next test is how quickly users notice the patch and how long the company keeps shipping these backports after the initial scramble fades.