Apple is doing something it usually avoids: shipping security fixes for iOS 18 without forcing users onto iOS 26. The change follows the spread of DarkSword, a hacking tool that can silently compromise some iPhones running iOS 18 when a user visits a malicious website, and it arrives after weeks of complaints that Apple’s usual ”just update” answer left a lot of people exposed.
The iOS 18 security update matters because this is not a niche corner case. Apple said users with auto-update enabled will automatically get the patched iOS 18 build, while others can choose between that fixed version and iOS 26. For a company that has treated older iOS branches like yesterday’s news, this is a notable reversal – and a sign that the patch-or-upgrade ultimatum was starting to look shaky as real-world exploit tools multiplied.
Why Apple is backporting the iOS 18 security update
Apple says the new update goes out on Wednesday morning, and it is aimed squarely at iOS 18 users who have not moved to iOS 26. Those users include people who dislike features such as the new ”liquid glass” interface, but also people with older habits, older apps, or not enough storage to make the leap.
That pool is big enough to matter. Apple was said to have as many as a quarter of all iPhone users still on iOS 18 as of February. In other words, this was never just a holdout problem for a few stubborn keyboard warriors on Reddit.
What DarkSword can do
DarkSword is the kind of exploit that makes security teams sweat: it can take over affected iPhones without obvious user action, and researchers say it has already been used against people in Malaysia, Saudi Arabia, Turkey, and Ukraine. Google and security firms iVerify and Lookout have linked it to a range of hacking activity, from espionage to cryptocurrency theft.
- Targets: certain iPhones running iOS 18
- Attack path: a malicious website
- Already protected: users on iOS 26
- New option: a patched iOS 18 build
One ugly detail makes the story worse: in some cases, the code was reportedly left reusable on compromised websites, complete with comments explaining how it worked. Then it showed up on GitHub, which is cybercrime’s favorite form of copy-and-paste distribution.
Apple’s rare backporting streak
DarkSword is the second sophisticated iPhone hacking technique in a single month to push Apple into backporting fixes. Earlier in March, Apple also issued patches for iOS 17 after a separate toolkit known as Coruna was disclosed and then seen spreading from Russian espionage hackers to profit-driven criminals.
That pattern tells you more than Apple would probably like. The company has spent years selling the idea that iPhone compromise is rare and reserved for a tiny set of high-value targets. But when multiple exploit kits become public, easy to reuse, and widely abused, ”just upgrade” starts sounding less like policy and more like a convenient excuse.
The company’s new position is still limited. Apple says users with supported devices should move to iOS 26 for the ”most advanced protections,” but it is now acknowledging that some users will not – or cannot – take that route quickly. That is overdue, and probably not the last time Apple is forced to say it.
What comes after iOS 18
The real question is whether this becomes a one-off concession or the start of a more normal backporting habit. If attackers keep turning older iOS versions into live targets, Apple may not get to decide whether older branches deserve patches; it may simply have to keep shipping them.