
Apple Will Push Out Rare ‘Backported’ Patches to Protect iOS 18 Users From DarkSword Hacking Tool | WIRED

As a DarkSword takeover technique spreads, Apple tells WIRED it will release fixes for millions of iPhone owners who remain on iOS 18 rather than force them...


Overview

When it comes to iOS, Apple has largely maintained a take-it-or-leave-it approach to security updates. Want the software patches Apple creates to fix the vulnerabilities exploited by hackers to compromise iPhones? Then the company would tell you to update your phone to the latest version of iOS your hardware can handle—with no room for lingering on an older version just because you enjoy its retro look or familiar features.

Details

Now, however, the appearance of not one but two sophisticated, in-the-wild iPhone hacking techniques in a single month—and some iPhone owners’ distaste for the look and feel of the latest version of iOS—may have finally shifted Apple’s patching policy. For the second time in just a few weeks, Apple is responding to the spread of a hacking tool by pushing out patches for older versions of iOS—and in the latest case, even for phones that have the capability to upgrade to its most recent version.

An Apple spokesperson tells WIRED that the company will issue software updates on Wednesday morning to protect iOS users from a hacking technique known as DarkSword, which is capable of silently taking over certain iPhones running iOS 18—the previous version of Apple’s mobile operating system—when they visit a website infected with the malicious code. Users of Apple’s latest iOS version released in September, iOS 26, were already protected against DarkSword. But the new patch push is designed to specifically protect vulnerable iOS 18 users who have so far resisted updating to iOS 26.

Apple’s move to allow iOS 18 users to patch their devices without updating to its latest operating system version—a practice of protecting an older operating system version that the cybersecurity industry calls “backporting” a patch—marks a surprising pivot for Apple. When researchers at Google and cybersecurity firms iVerify and Lookout revealed DarkSword nearly two weeks ago, Apple released iOS 18-specific patches only for older devices whose hardware was incompatible with iOS 26, and recommended all other users update to its most recent OS version.

Given that as many as a quarter of all iPhone users remained on iOS 18 as of February—and many of those users have consciously chosen not to upgrade to iOS 26 because of the unpopularity of its features like Apple's new “liquid glass” interface—that left many millions of holdouts facing a dilemma between their software preferences and their security.

Apple now appears to be changing its position in an effort to protect those holdouts. “Tomorrow we are enabling the availability of an iOS 18 update for more devices so users with auto-update enabled can automatically receive important security protections,” an Apple spokesperson wrote in a statement to WIRED. “We encourage all users with supported devices to update to iOS 26 to receive our most advanced protections.”

Users of iOS 18 who have auto-update turned on will automatically receive the version of iOS 18 that’s patched against DarkSword, while those who don’t have auto-update enabled will have the option to update to either the latest, patched version of iOS 18 or to iOS 26.

Criticism of Apple's lack of backported patches for iOS 18 had grown over the past two weeks, as DarkSword proliferated among hacker groups that have used the tool for everything from espionage to cryptocurrency theft. According to Google, DarkSword has been used by various hacker groups to break into the iPhones of users in Malaysia, Saudi Arabia, Turkey, and Ukraine. In at least some instances, the code was left in a fully reusable state on the legitimate websites that had been compromised by hackers to carry out DarkSword's intrusions, complete with helpful comments from its developer about how it worked, all making the tool easy to repurpose for any hacker that finds it.

Last week, DarkSword was then posted to open source code repository GitHub, making it all the more accessible. Security firms Malfors and Proofpoint soon after warned that another Russian hacker group linked to the Kremlin's FSB intelligence agency was sending out phishing emails that used the technique. Independent security researcher Johnny Franks tells WIRED that he found yet another new, active domain—a fake website written in English, capable of infecting US-based users—that was part of a DarkSword hacking campaign as late as Thursday of last week, a finding confirmed by mobile security firm iVerify.

Despite DarkSword’s growing threat to iOS 18 users, many stubbornly refused to update to iOS 26. On Reddit channels related to cybersecurity and iOS, some self-identified iPhone owners discussing DarkSword argued that Apple seemed to be taking advantage of the DarkSword hacking campaigns to push them onto its latest OS version, which some have found to be slow or overly animated.

“Apple is trying to force you onto the dumpster fire that is liquid glass,” one Reddit user wrote.

“If this is so serious, why wouldn't Apple insert a fix into iOS 18.x,” another Redditor named asked.

“It's all bullshit propaganda!” another user wrote. “Not updating my phone is perfect on iOS 18.1.1.”

For cybersecurity experts who have been waiting for Apple to act, the company’s move to now cater to those stubborn iOS 18 users received “better-late-than-never” reviews. “Apple is now, finally, doing this for the DarkSword exploits, but only after they were already being abused by other attackers, putting iOS users at risk,” says Patrick Wardle, a former NSA hacker and now the CEO of the Apple-device-focused security firm DoubleYou. “If protecting users actually matters, backporting critical fixes should be standard, not the exception.”

DarkSword is, in fact, the second sophisticated, in-the-wild iPhone hacking technique in just the last month that’s inspired Apple to take the rare step of pushing out fixes for older versions of iOS. Earlier in March, the company also backported patches to protect users from a different, even more sophisticated iOS hacking toolkit known as Coruna. A week after researchers at Google and iVerify revealed that the Coruna iOS exploitation kit—which was likely created for the US government—had spread from Russian espionage hackers to profit-focused cybercriminals, Apple released security fixes for iOS 17, the even older version of Apple's mobile operating system that was vulnerable to Coruna’s set of hacking techniques.

DarkSword's ability to compromise iOS 18 devices, however, left a different set of users vulnerable. Rocky Cole, cofounder of iVerify, notes that some of those users may have held out on updating to iOS 26 until now not simply because they don’t like its features but because they use specific or custom-made apps that aren't compatible with newer operating systems. In the UK, Apple has also added age verification features to iOS 26 that some users have resisted. Others may simply not have had enough storage space on their phone to carry out the update.

“Apple left a very large number of people vulnerable for a pretty long time,” Cole says of the two weeks it’s taken the company to push out the new fixes. “As to why they didn't backport fixes until now, I don't know. This is a severe enough problem that it merited doing it.”

Apple's historic practice of avoiding patching older versions of iOS may have escaped controversy, Cole argues, only because iOS hacking techniques have rarely spread as widely and publicly as DarkSword and Coruna. Apple has long described iPhone hacking as a rare phenomenon carried out by sophisticated hackers targeting small numbers of high-risk users. But DarkSword's appearance, especially coming on the heels of a similarly dangerous hacking toolkit revealed earlier the same month, has forced Apple and the people who use its products to reckon with the fact that iOS's security features haven't made them immune from intrusion—and to consider the trade-offs of protecting them.

“There are people out there who are, for one reason or another, unwilling or unable to use the latest version of iOS,” says Cole. If insisting that users update to that most recent operating system is Apple’s only security strategy, he says, “there are going to be a very large number of iPhone users exposed to these increasingly pervasive and severe attacks.”
