Still running iOS 18? Install this critical update ASAP

Thomas Trutschel / Contributor/ Photothek via Getty Images

Follow ZDNET: Add us as a preferred source on Google.

• Apple has launched a security patch for iPhones still running iOS 18.
• The patch protects them against the dangerous DarkSword exploit.
• Install the patch ASAP, but consider updating to iOS 26.

Getting the newest security patches for your iPhone usually means you have to be running the latest flavor of iOS; nowadays, that's iOS 26. In response to serious threats, Apple sometimes offers patches for older versions of iOS on devices that can't be updated.

But if you can update your iPhone to the latest OS and simply choose not to, you're generally out of luck. Now, a new and dangerous exploit has prompted Apple to backtrack on that policy.

Also: I've tracked Apple for nearly 50 years: How a garage rebel became a multitrillion-dollar empire

Rolled out today is a security patch designed to protect iPhones still running iOS 18 against the DarkSword exploit. As documented by Google and by security firms iVerify and Lookout on March 18, DarkSword is a particularly vicious type of spyware exploit that can infect vulnerable iPhones with malware; all you have to do is visit a malicious or compromised website.

DarkSword exploit leaves no traces

Attackers can then control your infected device, allowing them to spy on your activities, steal personal files, capture your text messages, grab stored passwords, and infiltrate cryptocurrency accounts. After the exploit has completed its mission, all traces of the infection are removed so that you wouldn't even know you've been victimized, according to Malwarebytes.

Active since November 2025, DarkSword has been weaponized by several cybercriminal and state-backed groups. So far, most of the attacks have targeted countries such as Saudi Arabia, Turkey, Malaysia, and Ukraine. But the exploit was recently published on GitHub, turning it into a malicious tool that could be used by anyone, anywhere.

"Two main factors make the DarkSword exploit chain particularly dangerous: first, it is highly reliable; second, its source code has been leaked, making it easily adaptable by multiple threat actors," Vincenzo Iozzo, CEO and co-founder of identity security firm SlashID, told ZDNET. "Threat intelligence from Google and other vendors indicates that this adaptation is already happening among threat actors. Notably, DarkSword primarily targets iOS 18."

Also: How to enable Private DNS mode on your iPhone - and why it's important to do so ASAP

DarkSword can also affect iPads without the latest security update. Initially, only certain versions of iOS and iPadOS were patched to protect them against DarkSword. That covered not only iOS 26.3 and iPadOS 26.3 but also extended to prior versions, such as iOS 15.8.7, iPadOS 15.8.7, iOS 17.6.15, iPadOS 16.7.15, and iOS 18.7.7, and iPadOS 18.7.7.

However, the patches for older versions are designed more for devices unable to update to iOS 26. The patch rolled out today marks a different spin for Apple. Traditionally, the company advises users to install the newest OS to get the latest security patches. But the new patch is aimed at iPhone owners who can jump to iOS 26 but have chosen to stick with iOS 18.

"The combination of its reliability and accessibility is likely why Apple decided to backport the patch," Iozzo explained. "Furthermore, while users historically transition to the latest iOS version quickly, currently only 50%-66% of the iOS population is on iOS 26. This leaves a significant portion of the customer base vulnerable."

Why the resistance to update? Some people don't like the Liquid Glass effect introduced with iOS 26, though Apple has gradually added ways to adjust it. Others may worry that the update will change familiar things or force them to learn new ways to use their phone.

How to get the update

If you are still running iOS 18 or iPadOS 18, you should grab the latest update ASAP. For this, head to Settings, select General, and then choose Software Update. Allow the latest update to download and install. The new versions are iOS 18.7.7 and iPadOS 18.7.7, but with a build number of 22H340. To avoid having to manually download such updates in the future, select and turn on the option for Automatic Updates at the Software Update screen.

Also: iOS 26.4 brings meaningful upgrades to your iPhone - including a long-awaited keyboard fix

Finally, consider updating to iOS 26 if you can. Though Apple may have saved your bacon this time, that won't always be the case. Yes, updating to a new OS can be challenging and sometimes problematic. But with new, more dangerous forms of malware popping up, running the latest version of iOS is still your best bet for staying protected.