"We enabled the availability of iOS 18.7.7 for more devices"
7 hours ago
- #Vulnerability Patches
- #iOS Security
- #Apple Updates
- Apple released iOS 18.7.7 and iPadOS 18.7.7 on March 24, 2026, with expanded availability on April 1, 2026, for automatic updates to protect against DarkSword web attacks.
- This security update includes multiple vulnerability fixes across components such as 802.1X, AppleKeyStore, Audio, Clipboard, CoreMedia, Kernel, WebKit, and more.
- Notable vulnerabilities addressed: CVE-2026-28865 in 802.1X for network traffic interception, CVE-2026-20637 in AppleKeyStore for system termination, and CVE-2026-28879 in Audio for process crashes.
- Other key fixes include CVE-2026-28866 in Clipboard for data access, CVE-2026-20690 in CoreMedia for process termination, and CVE-2025-14524 in curl for sensitive information leakage.
- The update also resolves issues in Focus, iCloud, iTunes Store, Security, and Vision, covering denial-of-service, data access, Activation Lock bypass, and memory handling problems.
- Multiple WebKit vulnerabilities were patched, including CVE-2026-20665 for Content Security Policy enforcement, CVE-2026-20643 for Same Origin Policy bypass, and CVE-2025-43376 for DNS query leaks.
- Supported devices include iPhone XR to iPhone 16 models, various iPad models (mini, Air, Pro), with all fixes aimed at improving memory management, input validation, and state management.