惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Palo Alto Networks Blog
P
Proofpoint News Feed
GbyAI
GbyAI
Microsoft Azure Blog
Microsoft Azure Blog
B
Blog
Google DeepMind News
Google DeepMind News
N
Netflix TechBlog - Medium
Recorded Future
Recorded Future
M
MIT News - Artificial intelligence
罗磊的独立博客
J
Java Code Geeks
月光博客
月光博客
F
Full Disclosure
博客园 - 聂微东
人人都是产品经理
人人都是产品经理
U
Unit 42
WordPress大学
WordPress大学
A
About on SuperTechFans
C
Cyber Attacks, Cyber Crime and Cyber Security
SecWiki News
SecWiki News
Security Latest
Security Latest
C
Check Point Blog
C
CERT Recently Published Vulnerability Notes
小众软件
小众软件
I
InfoQ
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
B
Blog RSS Feed
V
Visual Studio Blog
博客园_首页
NISL@THU
NISL@THU
I
Intezer
Spread Privacy
Spread Privacy
AWS News Blog
AWS News Blog
The Register - Security
The Register - Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Latest news
Latest news
Project Zero
Project Zero
博客园 - 叶小钗
C
Cybersecurity and Infrastructure Security Agency CISA
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Privacy International News Feed
博客园 - 【当耐特】
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
T
Threat Research - Cisco Blogs
Simon Willison's Weblog
Simon Willison's Weblog
T
Tor Project blog
V
Vulnerabilities – Threatpost
博客园 - 司徒正美
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
雷峰网
雷峰网

Security Latest

British Police Built a Sprawling Crime-Prediction Machine. Some Results Couldn’t Be Trusted Dialog Claims It Was Hacked. A Misconfigured Website Left Its Members Exposed OpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s Mythos World Cup Scams Are Getting Harder to Spot A Critical Deadline Is Approaching for Windows and Linux Security Hackers Claim to Leak Stolen Madison Square Garden Data How the Peter Thiel-Linked Dialog Club Secretly Ranks Its Members How to Watch the Knicks Parade on NYC Traffic Surveillance Cameras The UK Will Scan Asylum-Seekers’ Faces for Age Checks—Despite Knowing the Tech Is Flawed Leak Exposes Members of Peter Thiel’s Secretive ‘Dialog’ Society ‘Dangerous’ AI Models Are Coming No Matter What Meta Tapped a Pentagon Supplier to Prototype Face Recognition for Its Glasses The FCC Wants to Kill Burner Phones Grok Is Still Hosting Sexualized Deepfakes of Famous Women Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats Trump Risks Key Surveillance Authority Over ‘Unqualified’ Spy-Chief Pick Wrongful Arrest Exposes Failures in One of the Oldest Police Face-Recognition Tools in the US Soccer Fans, You’re Being Watched Mapping Every Flock License Plate Reader Near US World Cup Stadiums Amnesty International Warns That World Cup Fans Face Potential Human Rights Violations Anthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe’ Version for the Rest of You Meta Deletes Face-Recognition System From Its Smart Glasses App After WIRED Report All the Ways Europe Is Ditching American Technology Crypto-Funded Chinese Peptide Labs Are Booming Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones xAI Asks Court to Strip Alleged Grok Deepfake Nudes Victims of Anonymity Android Is Fighting Phone Scams With a New Feature to Prove Who’s Calling The Manhattan Institute Helped Kill DEI. Now It’s Coming for Protests The Romance Scammer Who Made a Small Fortune Posing as a WWE Superstar Websites Can Now Spy on You Through Your Hard Drive Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow The White House’s Aliens.gov Site Brags That ICE Arrested More Than 700 US Citizens The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks Internet Starts to Return in Iran After 3-Month Blackout US Law Enforcement Warns of ‘Anti-Tech Extremism’ as AI Hatred Grows The AI Era Is Creating a Bug-Hunting Arms Race The FBI Wants ‘Near Real-Time’ Access to US License Plate Readers ‘Creepy’ Listening Tool for Targeted Ads Didn’t Actually Work, FTC Says A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale The EU Is Going Through a Trump-Fueled Breakup With Big Tech A Bipartisan Amendment Would End Police License Plate Tracking Nationwide Madison Square Garden Bans Lawyer Representing New York Cop Injured at a Boxing Match Data Brokers’ and AI Firms’ Opt-Out Forms Are Built to Fail, Report Finds You Can Get Some of Your Nudes Removed From the Internet Under a New Law An ICE Firearms Trainer Was Involved in At Least 4 Deadly Shootings Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording Your iPhone Gets Stolen. Then the Hacking Begins DHS Plans Experiment Running ‘Reconnaissance’ Drones Along the US-Canada Border WhatsApp Adds Meta AI Chats That Are Built to Be Fully Private Foxconn Ransomware Attack Shows Nothing Is Safe Forever Iran Is Using Tiny ‘Mosquito’ Boats to Shut Down the Strait of Hormuz Hackable Robot Lawn Mower Unlocks a New Nightmare You Can Disable Gemini in Chrome if It’s Freaking You Out Cybercriminals Are Complaining About AI Slop Flooding Their Forums DHS Demanded Google Surrender Data on Canadian’s Activity, Location Over Anti-ICE Posts Disneyland Now Uses Face Recognition on Visitors OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts Exposed Data Illustrates the Nightmare Scenario for a Stalkerware Victim The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards California Engineer Identified in Suspected Shooting at White House Correspondents Dinner Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet AI Tools Are Helping Mediocre North Korean Hackers Steal Millions Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox Meta Is Sued Over Scam Ads on Facebook and Instagram They Built a Legendary Privacy Tool. Now They’re Sworn Enemies The Weird, Twisting Tale of How China Spied on Alysa Liu and Her Dad It Takes 2 Minutes to Hack the EU’s New Age-Verification App Republican Mutiny Sinks Trump's Push to Extend Warrantless Surveillance The Shocking Secrets of Madison Square Garden’s Surveillance Machine Europe’s Online Age Verification App Is Here The Deepfake Nudes Crisis in Schools Is Much Worse Than You Thought In the Wake of Anthropic’s Mythos, OpenAI Has a New Cybersecurity Model—and Strategy Telegram Is Still Hosting a Sanctioned $21 Billion Crypto Scammer Black Market The FCC Has a Fast Lane for Complaints About Trump’s Media Critics Meta Is Warned That Facial Recognition Glasses Will Arm Sexual Predators The Dumbest Hack of the Year Exposed a Very Real Problem Your Push Notifications Aren’t Safe From the FBI How the Internet Broke Everyone’s Bullshit Detectors Anthropic’s Mythos Will Force a Cybersecurity Reckoning—Just Not the One You Think Politicians Are Spending More Money on Security as They Increasingly Become Targets ‘We Were Not Ready for This’: Lebanon's Emergency System Is Hanging by a Thread Men Are Buying Hacking Tools to Use Against Their Wives and Friends Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything Border Patrol Agents Sold Challenge Coins With ‘Charlotte’s Web’ Characters in Riot Gear Hackers Are Posting the Claude Code Leak With Bonus Malware Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards ‘Uncanny Valley’: Iran’s Threats on US Tech, Trump’s Plans for Midterms, and Polymarket’s Pop-up Flop What Happens When a Nuclear Site Is Hit? Unmasking the Paramilitary Agents Behind Trump’s Violent Immigration Crackdown Iran Threatens to Start Attacking Major US Tech Firms on April 1 The US Military’s GPS Software Is an $8 Billion Mess The Broken System That Keeps Shipping Crews Stranded in the Strait of Hormuz Iranian Hackers Breached Kash Patel’s Email—but Not the FBI’s How Trump’s Plot to Grab Iran's Nuclear Fuel Would Actually Work
Apple Will Push Out Rare ‘Backported’ Patches to Protect iOS 18 Users From DarkSword Hacking Tool
2026-04-01 · via Security Latest

When it comes to iOS, Apple has largely maintained a take-it-or-leave-it approach to security updates. Want the software patches Apple creates to fix the vulnerabilities exploited by hackers to compromise iPhones? Then the company would tell you to update your phone to the latest version of iOS your hardware can handle—with no room for lingering on an older version just because you enjoy its retro look or familiar features.

Now, however, the appearance of not one but two sophisticated, in-the-wild iPhone hacking techniques in a single month—and some iPhone owners’ distaste for the look and feel of the latest version of iOS—may have finally shifted Apple’s patching policy. For the second time in just a few weeks, Apple is responding to the spread of a hacking tool by pushing out patches for older versions of iOS—and in the latest case, even for phones that have the capability to upgrade to its most recent version.

An Apple spokesperson tells WIRED that the company will issue software updates on Wednesday morning to protect iOS users from a hacking technique known as DarkSword, which is capable of silently taking over certain iPhones running iOS 18—the previous version of Apple’s mobile operating system—when they visit a website infected with the malicious code. Users of Apple’s latest iOS version released in September, iOS 26, were already protected against DarkSword. But the new patch push is designed to specifically protect vulnerable iOS 18 users who have so far resisted updating to iOS 26.

Apple’s move to allow iOS 18 users to patch their devices without updating to its latest operating system version—a practice of protecting an older operating system version that the cybersecurity industry calls “backporting” a patch—marks a surprising pivot for Apple. When researchers at Google and cybersecurity firms iVerify and Lookout revealed DarkSword nearly two weeks ago, Apple released iOS 18-specific patches only for older devices whose hardware was incompatible with iOS 26, and recommended all other users update to its most recent OS version.

Given that as many as a quarter of all iPhone users remained on iOS 18 as of February—and many of those users have consciously chosen not to upgrade to iOS 26 because of the unpopularity of its features like Apple's new “liquid glass” interface—that left many millions of holdouts facing a dilemma between their software preferences and their security.

Apple now appears to be changing its position in an effort to protect those holdouts. “Tomorrow we are enabling the availability of an iOS 18 update for more devices so users with auto-update enabled can automatically receive important security protections,” an Apple spokesperson wrote in a statement to WIRED. “We encourage all users with supported devices to update to iOS 26 to receive our most advanced protections.”

Users of iOS 18 who have auto-update turned on will automatically receive the version of iOS 18 that’s patched against DarkSword, while those who don’t have auto-update enabled will have the option to update to either the latest, patched version of iOS 18 or to iOS 26.

Criticism of Apple's lack of backported patches for iOS 18 had grown over the past two weeks, as DarkSword proliferated among hacker groups that have used the tool for everything from espionage to cryptocurrency theft. According to Google, DarkSword has been used by various hacker groups to break into the iPhones of users in Malaysia, Saudi Arabia, Turkey, and Ukraine. In at least some instances, the code was left in a fully reusable state on the legitimate websites that had been compromised by hackers to carry out DarkSword's intrusions, complete with helpful comments from its developer about how it worked, all making the tool easy to repurpose for any hacker that finds it.

Last week, DarkSword was then posted to open source code repository GitHub, making it all the more accessible. Security firms Malfors and Proofpoint soon after warned that another Russian hacker group linked to the Kremlin's FSB intelligence agency was sending out phishing emails that used the technique. Independent security researcher Johnny Franks tells WIRED that he found yet another new, active domain—a fake website written in English, capable of infecting US-based users—that was part of a DarkSword hacking campaign as late as Thursday of last week, a finding confirmed by mobile security firm iVerify.

Despite DarkSword’s growing threat to iOS 18 users, many stubbornly refused to update to iOS 26. On Reddit channels related to cybersecurity and iOS, some self-identified iPhone owners discussing DarkSword argued that Apple seemed to be taking advantage of the DarkSword hacking campaigns to push them onto its latest OS version, which some have found to be slow or overly animated.

“Apple is trying to force you onto the dumpster fire that is liquid glass,” one Reddit user wrote.

“If this is so serious, why wouldn't Apple insert a fix into iOS 18.x," another Redditor named asked.

“It's all bullshit propaganda!” another user wrote. “Not updating my phone is perfect on iOS 18.1.1."

For cybersecurity experts who have been waiting for Apple to act, the company’s move to now cater to those stubborn iOS 18 users received “better-late-than-never” reviews. “Apple is now, finally, doing this for the DarkSword exploits, but only after they were already being abused by other attackers, putting iOS users at risk,” says Patrick Wardle, a former NSA hacker and now the CEO of the Apple-device-focused security firm DoubleYou. “If protecting users actually matters, backporting critical fixes should be standard, not the exception.”

DarkSword is, in fact, the second sophisticated, in-the-wild iPhone hacking technique in just the last month that’s inspired Apple to take the rare step of pushing out fixes for older versions of iOS. Earlier in March, the company also backported patches to protect users from a different, even more sophisticated iOS hacking toolkit known as Coruna. A week after researchers at Google and iVerify revealed that the Coruna iOS exploitation kit—which was likely created for the US government—had spread from Russian espionage hackers to profit-focused cybercriminals, Apple released security fixes for iOS 17, the even older version of Apple's mobile operating system that was vulnerable to Coruna’s set of hacking techniques.

DarkSword's ability to compromise iOS 18 devices, however, left a different set of users vulnerable. Rocky Cole, cofounder of iVerify, notes that some of those users may have held out on updating to iOS 26 until now not simply because they don’t like its features but because they use specific or custom-made apps that aren't compatible with newer operating systems. In the UK, Apple has also added age verification features to iOS 26 that some users have resisted. Others may simply not have had enough storage space on their phone to carry out the update.

“Apple left a very large number of people vulnerable for a pretty long time,” Cole says of the two weeks it’s taken the company to push out the new fixes. “As to why they didn't backport fixes until now, I don't know. This is a severe enough problem that it merited doing it.”

Apple's historic practice of avoiding patching older versions of iOS may have escaped controversy, Cole argues, only because iOS hacking techniques have rarely spread as widely and publicly as DarkSword and Coruna. Apple has long described iPhone hacking as a rare phenomenon carried out by sophisticated hackers targeting small numbers of high-risk users. But DarkSword's appearance, especially coming on the heels of a similarly dangerous hacking toolkit revealed earlier the same month, has forced Apple and the people who use its products to reckon with the fact that iOS's security features haven't made them immune from intrusion—and to consider the trade-offs of protecting them.

“There are people out there who are, for one reason or another, unwilling or unable to use the latest version of iOS,” says Cole. If insisting that users update to that most recent operating system is Apple’s only security strategy, he says, “there are going to be a very large number of iPhone users exposed to these increasingly pervasive and severe attacks.”