Apple has expanded availability of iOS 18.7.7 so more devices running iOS 18 can receive security updates that protect against the actively exploited DarkSword exploit kit. DarkSword abused six tracked CVEs and was used by actors such as PARS Defense, UNC6748, and UNC6353 to deploy infostealers and backdoors including GhostBlade, GhostKnife, and GhostSaber.
Key points
- Apple enabled iOS 18.7.7 for more devices so users with Automatic Updates enabled receive protections against DarkSword.
- DarkSword leverages six tracked CVEs: CVE-2025-31277, CVE-2025-43529, CVE-2026-20700, CVE-2025-14174, CVE-2025-43510, and CVE-2025-43520.
- The exploit kit was used widely by commercial and state-linked actors including PARS Defense, UNC6748, and suspected UNC6353.
- Compromised devices saw deployment of JavaScript infostealers and backdoors such as GhostBlade, GhostKnife, and GhostSaber.
- A public GitHub release of the DarkSword kit increased risk to older iPhones that had limited access to iOS 18 security updates until this expansion.