サイバーニュース.jp

世界のサイバーなニュースを配信

Apple Releases iOS 18.7.7 Update to Defend Against DarkSword Exploit

カテゴリ:

Apple Launches Critical iOS and iPadOS Update

Apple has officially rolled out the iOS 18.7.7 and iPadOS 18.7.7 updates, aimed at protecting users from a critical web-based threat known as the DarkSword exploit.

The Threat of DarkSword Exploit

Originally released on March 24, 2026, Apple accelerated the update’s deployment via Automatic Updates on April 1 to ensure widespread and immediate protection. The DarkSword threat relies on malicious web content to compromise systems, making it crucial for all users to have these latest security definitions.

Supported Devices

The iOS 18.7.7 update covers a wide range of devices, including:

  • iPhone XR and later models up through the iPhone 16 lineup
  • Multiple generations of iPads

Critical Vulnerabilities Addressed

Beyond defending against DarkSword, iOS 18.7.7 also addresses over 15 significant security flaws:

  • Kernel: CVE-2026-20687 – Resolved a severe use-after-free memory issue that could lead to system crashes or unauthorized kernel memory writing.
  • WebKit: CVE-2026-20643 – Fixed a cross-origin logic issue in the Navigation API, allowing attackers to bypass Same Origin Policy via web attacks.
  • Security: CVE-2026-28864 – Improved permissions checking to prevent local attackers from gaining access to Keychain items.
  • Clipboard: CVE-2026-28866 – Enhanced symlink validation to stop unauthorized apps from accessing sensitive copied user data.
  • Network: CVE-2026-28865 – Fixed an 802.1X authentication state management issue, preventing attackers from intercepting network traffic from a privileged position.

User Privacy Enhancements

In addition to security fixes, Apple has also focused on enhancing user privacy:

  • Resolved a WebKit bug (CVE-2025-43376) that allowed remote attackers to view leaked DNS queries even when iCloud Private Relay was enabled.
  • Patched permission issues in iCloud and Crash Reporter, preventing rogue apps from secretly scanning and enumerating other applications installed on the device.

Immediate Update Recommended

Given the severity of DarkSword web attacks and underlying kernel-level vulnerabilities, all Apple users are strongly advised to update their devices immediately. Users can manually trigger the installation by navigating to Settings > General > Software Update if their device has not already applied the patch automatically.

元記事: https://gbhackers.com/apple-ios-18-7-7-update-defend-against-darksword-exploit/

投稿をさらに読み込む