When it comes to iOS, Apple has largely maintained a take-it-or-leave-it approach to security updates. Want the software patches Apple created to fix vulnerabilities hackers exploited to compromise iPhones? Then the company will ask you to update your phone to the latest version of iOS that your hardware can handle, with no option to stay on an older version just because you like its retro looks or familiar features.
Now, however, the emergence of not one but two sophisticated iPhone hacking techniques in a single month – and some iPhone owners’ disgust with the look and feel of the latest version of iOS – may have ultimately changed Apple’s patching policy. For the second time in just a few weeks, Apple is responding to the spread of a hacking tool by releasing patches for older versions of iOS and, in the latest case, even for phones that have the option to upgrade to the most recent version.
An Apple spokesperson told WIRED that the company will release software updates Wednesday morning to protect iOS users from a hacking technique known as DarkSword, capable of silently taking control of some iPhones running iOS 18, the previous version of Apple’s mobile operating system, when they visit a website infected with the malicious code. Users of Apple’s latest iOS version released in September, iOS 26, were already protected against DarkSword. But the new patch is designed to specifically protect vulnerable iOS 18 users who have so far resisted updating to iOS 26.
Apple’s decision to allow iOS 18 users to patch their devices without updating to the latest version of the operating system — a practice of protecting an older version of the operating system that the cybersecurity industry calls “backporting” a patch — marks a surprising turn for Apple. When Google researchers and cybersecurity firms iVerify and Lookout revealed DarkSword nearly two weeks ago, Apple released iOS 18-specific patches only for older devices whose hardware was incompatible with iOS 26 and recommended all other users update to their most recent operating system version.
As of February, up to a quarter of all iPhone users remained on iOS 18, and many of those users consciously chose not to upgrade to iOS 26 due to the unpopularity of features like Apple’s new “liquid glass” interface, which has left millions of holdouts facing a dilemma between their software preferences and their security.
Apple now seems to be changing its position in order to protect these holdouts. “Tomorrow, we are enabling an iOS 18 update to become available for more devices so that users who have auto-updating enabled can automatically benefit from important security protections,” an Apple spokesperson wrote in a statement to WIRED. “We encourage all users with supported devices to update to iOS 26 to benefit from our most advanced protections.”
iOS 18 users who have auto-update enabled will automatically receive the version of iOS 18 patched against DarkSword, while those who don’t have auto-update enabled will have the option to update to the latest patched version of iOS 18 or to iOS 26.
Criticism over Apple’s lack of backported fixes for iOS 18 has grown over the past two weeks, as DarkSword proliferated among hacker groups who have used the tool for everything from espionage to cryptocurrency theft. According to Google, DarkSword has been used by various hacker groups to break into the iPhones of users in Malaysia, Saudi Arabia, Turkey and Ukraine. In at least some cases, the code was left in a fully reusable state on legitimate websites that had been compromised by hackers to carry out DarkSword’s intrusions, accompanied by helpful feedback from its developer on how it worked, all of which made the tool easy to reuse for any hacker who found it.
Last week, DarkSword was then published on the open source code repository GitHub, making it all the more accessible. Security firms Malfors and Proofpoint warned soon after that another group of Russian hackers linked to the Kremlin’s intelligence agency, the FSB, was sending phishing emails using the technique. Independent security researcher Johnny Franks told WIRED he discovered another new active domain – a fake website written in English, capable of infecting US-based users – that was part of a DarkSword hacking campaign on Thursday of last week, a discovery confirmed by mobile security firm iVerify.
Despite DarkSword’s growing threat to iOS 18 users, many have stubbornly refused to update to iOS 26. On cybersecurity and iOS-related Reddit channels, some self-identified iPhone owners discussing DarkSword argued that Apple appeared to be taking advantage of DarkSword’s hacking campaigns to push them to its latest version of the operating system, which some have found slow or too busy.
“Apple is trying to force you into the dumpster fire that is liquid glass,” one Reddit user wrote.
“If it’s that bad, why wouldn’t Apple put a fix in iOS 18.x,” asked another Redditor.
“It’s bullshit propaganda!” another user wrote. “Don’t update my phone is fine on iOS 18.1.1.”
Among cybersecurity experts who have been waiting for Apple to act, the company’s decision to now accommodate stubborn iOS 18 users has drawn “better late than never” criticism. “Apple is finally doing this for the DarkSword exploits, but only after they have already been exploited by other attackers, putting iOS users at risk,” says Patrick Wardle, a former NSA hacker and now CEO of Apple device-focused security firm DoubleYou. “If user protection is truly important, backporting critical patches should be the norm, not the exception.”
DarkSword is, in fact, the second sophisticated iPhone hacking technique in the past month that has inspired Apple to take the rare step of offering patches for older versions of iOS. Earlier in March, the company also backported fixes to protect users from a different, even more sophisticated iOS hacking toolkit known as Coruna. A week after researchers from Google and iVerify revealed that the Coruna iOS exploit kit, likely created for the U.S. government, had spread from Russian spy hackers to profit-driven cybercriminals, Apple released security patches for iOS 17, an even older version of Apple’s mobile operating system that was vulnerable to Coruna’s suite of hacking techniques.
DarkSword’s ability to compromise iOS 18 devices, however, has left another group of users vulnerable. Rocky Cole, co-founder of iVerify, notes that some of these users may have been hesitant to update to iOS 26 so far, not only because they don’t like its features, but because they use specific or custom apps that aren’t compatible with newer operating systems. In the UK, Apple also added age verification features in iOS 26 that some users have resisted. Others may simply not have had enough storage space on their phone to update.
“Apple left a huge number of people vulnerable for quite a long time,” Cole says of the two weeks it took the company to release the new fixes. “As for why they haven’t backported the fixes until now, I don’t know. It’s a big enough problem that it merits doing so.”
Apple’s historical practice of avoiding patching older versions of iOS may have escaped controversy, Cole argues, only because iOS hacking techniques have rarely spread as widely and publicly as DarkSword and Coruna. Apple has long described iPhone hacking as a rare phenomenon carried out by sophisticated hackers targeting a small number of high-risk users. But the emergence of DarkSword, especially on the heels of an equally dangerous hacking toolkit revealed earlier that same month, has forced Apple and the people who use its products to reckon with the fact that iOS’s security features haven’t made them safe from intrusion and to consider the tradeoffs of protecting them.
“There are people who, for one reason or another, don’t want to or can’t use the latest version of iOS,” Cole says. If insisting that users update to the latest operating system is Apple’s only security strategy, he says, “a very large number of iPhone users are going to be exposed to these increasingly widespread and serious attacks.”



























