Apple is making a rare exception to its standard security update policy, releasing patches for older versions of iOS to protect users from the widespread “DarkSword” hacking tool. This marks a shift in the company’s approach, which typically requires users to upgrade to the latest operating system to receive critical security fixes.
The DarkSword Threat and Why It Matters
The DarkSword exploit allows attackers to silently compromise iPhones running iOS 18, a previous version of Apple’s mobile OS, simply by visiting a malicious website. This is particularly dangerous because the tool has already been observed in active attacks targeting individuals in multiple countries, including Malaysia, Saudi Arabia, Turkey, and Ukraine. The fact that the hacking code was even posted to open-source platforms like GitHub further amplifies the threat, making it easily accessible to cybercriminals.
The situation escalated when DarkSword was linked to Russian intelligence-affiliated hacker groups. Experts warned that the tool was being used for espionage, cryptocurrency theft, and was even being distributed through phishing emails. The ease with which hackers can repurpose DarkSword makes it a high-priority threat that demanded a swift response.
Apple’s Unexpected Pivot
For years, Apple has insisted on an “update or risk it” approach to iOS security. If a vulnerability was discovered, the fix was only available with the newest software. Now, the company is “backporting” the patch – applying a security fix to an older OS version instead of forcing an upgrade. This is a surprising move, as it contradicts Apple’s usual policy.
The decision appears to be driven by the fact that a significant portion of iPhone users (roughly 25%) remain on iOS 18. Many have deliberately avoided upgrading to iOS 26 due to dissatisfaction with features like the controversial “liquid glass” interface. This created a large pool of vulnerable devices that hackers could exploit.
What Users Need to Know
Starting Wednesday, Apple will roll out updates for iOS 18 that specifically address the DarkSword vulnerability. Users with automatic updates enabled will receive the patch automatically. Those who disable automatic updates will have the option to install the fix or upgrade to iOS 26.
This change comes after mounting criticism of Apple’s handling of the DarkSword threat. Cybersecurity experts argued that leaving millions of users vulnerable for weeks was unacceptable. The company faced pressure from researchers and frustrated iPhone owners who questioned why a fix couldn’t be applied to the older OS version.
The Bigger Picture
DarkSword is the second major iOS exploit in recent months to force Apple to backpedal on its rigid update policy. The company also issued backported patches for the “Coruna” hacking toolkit earlier in March. The frequency of these incidents raises questions about Apple’s long-term security strategy and whether its current approach is sustainable in the face of increasingly sophisticated threats.
The fact that Apple is now bending to user preferences—even if those preferences are based on aesthetic dislike rather than technical necessity—suggests a growing recognition that forcing updates can leave a substantial number of users exposed. This change may not be ideal, but it’s a necessary step to protect a larger segment of the iPhone population.
Ultimately, Apple’s decision to backport fixes demonstrates that even the most controlled ecosystems can be forced to adapt when faced with a real and widespread security crisis.
