Still running iOS 18? Install this critical update ASAP

Thomas Trutschel / Contributor/ Photothek via Getty Images

Follow ZDNET: Add america arsenic a preferred source connected Google.

• Apple has launched a information spot for iPhones inactive moving iOS 18.
• The spot protects them against the unsafe DarkSword exploit.
• Install the spot ASAP, but see updating to iOS 26.

Getting the newest information patches for your iPhone usually means you person to beryllium moving the latest spirit of iOS; nowadays, that's iOS 26. In effect to superior threats, Apple sometimes offers patches for older versions of iOS connected devices that can't beryllium updated.

But if you tin update your iPhone to the latest OS and simply take not to, you're mostly retired of luck. Now, a caller and unsafe exploit has prompted Apple to backtrack connected that policy.

Also: I've tracked Apple for astir 50 years: How a store rebel became a multitrillion-dollar empire

Rolled retired contiguous is simply a information spot designed to support iPhones inactive moving iOS 18 against the DarkSword exploit. As documented by Google and by information firms iVerify and Lookout connected March 18, DarkSword is simply a peculiarly vicious benignant of spyware exploit that tin infect susceptible iPhones with malware; each you person to bash is sojourn a malicious oregon compromised website.

DarkSword exploit leaves nary traces

Attackers tin past power your infected device, allowing them to spy connected your activities, bargain idiosyncratic files, seizure your substance messages, drawback stored passwords, and infiltrate cryptocurrency accounts. After the exploit has completed its mission, each traces of the corruption are removed truthful that you wouldn't adjacent cognize you've been victimized, according to Malwarebytes.

"Two main factors marque the DarkSword exploit concatenation peculiarly dangerous: first, it is highly reliable; second, its root codification has been leaked, making it easy adaptable by aggregate menace actors," Vincenzo Iozzo, CEO and co-founder of individuality information steadfast SlashID, told ZDNET. "Threat quality from Google and different vendors indicates that this adaptation is already happening among menace actors. Notably, DarkSword chiefly targets iOS 18."

Active since November 2025, DarkSword has been weaponized by respective cybercriminal and state-backed groups. So far, astir of the attacks person targeted countries specified arsenic Saudi Arabia, Turkey, Malaysia, and Ukraine. But the exploit was precocious published connected GitHub, turning it into a malicious instrumentality that could beryllium utilized by anyone, anywhere.

Also: How to alteration Private DNS mode connected your iPhone - and wherefore it's important to bash truthful ASAP

DarkSword tin besides impact iPads without the latest information update. Initially, lone definite versions of iOS and iPadOS were patched to support them against DarkSword. That covered not lone iOS 26.3 and iPadOS 26.3 but besides extended to anterior versions, specified arsenic iOS 15.8.7, iPadOS 15.8.7, iOS 17.6.15, iPadOS 16.7.15, and iOS 18.7.7, and iPadOS 18.7.7.

However, the patches for older versions are mostly designed for devices incapable to update to iOS 26. The spot rolled retired contiguous marks a antithetic rotation for Apple. Traditionally, the institution has ever advised users to update to the newest OS to get the latest information patches. But today's rollout is aimed astatine iPhone owners who tin update to iOS 26 but person chosen to instrumentality with iOS 18.

"The operation of its reliability and accessibility is apt wherefore Apple decided to backport the patch," Iozzo explained. "Furthermore, portion users historically modulation to the latest iOS mentation quickly, presently lone 50%-66% of the iOS colonisation is connected iOS 26. This leaves a important information of the lawsuit basal vulnerable."

Why the resistance to update? Some radical don't similar the Liquid Glass effect introduced with iOS 26, though Apple has gradually added ways to set it. Others whitethorn interest that the update volition alteration acquainted things oregon unit them to larn caller ways to usage their phone.

How to get the update

If you are inactive moving iOS 18 oregon iPadOS 18, you should drawback the latest update ASAP. For this, caput to Settings, prime General, and past take Software Update. Allow the latest update to download and install. The caller versions are iOS 18.7.7 and iPadOS 18.7.7, but with a physique fig of 22H340. To debar having to manually download specified updates successful the future, prime and crook connected the enactment for Automatic Updates astatine the Software Update screen.

Also: iOS 26.4 brings meaningful upgrades to your iPhone - including a long-awaited keyboard fix

Finally, see updating to iOS 26 if you can. Though Apple whitethorn person saved your bacon this time, that won't ever beryllium the case. Yes, updating to a caller OS tin beryllium challenging. But with new, much unsafe forms of malware popping up, moving the latest mentation of iOS is inactive your champion stake for staying protected.