Apple expands security suite in iOS 18.7.7 to block remote attacks on iPhones and iPads

The North American technology manufacturer has released a new version of its mobile operating system, covering smartphone and tablet platforms. The build identified as 22H340 reaches users through software updates, extending critical fixes to the entire base of devices compatible with the previous generation of the system. The measure aims to protect equipment against silent intrusions that occur while browsing the internet.

The main focus of this software package is to neutralize a cyber exploit chain that is widely known to digital security experts. The flaw allowed malicious actors to take control of vital device functions without the owner noticing any unusual activity. Technical intervention closes the door to this type of remote attack, ensuring the integrity of data stored in internal memory.

Mobile device owners who keep the automatic download setting turned on will receive the protection files in the background. Para For others, installation requires a manual check in the device’s configuration menus. The recommendation of technology experts is that the procedure be carried out urgently, given the seriousness of the threats neutralized by this specific version.

Vulnerability mechanics and risks to users

The threat mitigated by this update acts stealthily, exploiting authentication loopholes and flaws in the operating system’s state management. Conhecida in the midst of information security codenamed DarkSword, this chain of malicious code was designed to compromise equipment operating on vulnerable versions, specifically between builds 18.4 and 18.7. The main attack vector occurs through access to previously infected web pages or those developed for the sole purpose of distributing the malicious payload. Diferente of traditional scams that require the download of an executable file or the granting of permissions by the user, this exploitation occurs invisibly, simply for the victim to access the compromised email address for the attacker code to begin scanning and subsequently invading the system, escalating privileges until silently obtaining remote control of the device’s functions.

Technical details about data mining

The attack’s architecture focused primarily on the system’s native browser and its page rendering components. When processing malicious code embedded in websites, the application failed to isolate processes, allowing the threat to escape the secure browsing environment.

Once access was established, attackers focused their efforts on extracting highly sensitive information. The main target included banking credentials, passwords saved in the system manager and data linked to cryptocurrency wallets, resulting in direct financial losses for victims.

To ensure persistence and make the work of security researchers more difficult, the malicious code had self-destruction routines. Após transferring the stolen data to external servers, the threat erased its own traces from the device’s memory, making subsequent detection extremely complex.

Expanded support for old and new devices

Initially, the manufacturer had restricted the distribution of this specific build only to older models of smartphones and tablets. However, analysis of the threat’s behavior and its rapid dissemination forced a change in strategy, resulting in the release of the package for all equipment supported by generation 18 of the system.

This decision directly benefits a significant portion of consumers who, due to hardware limitations or personal preference, chose not to migrate to the latest version of the company’s software. Delivering high priority fixes to older generation systems demonstrates the level of criticality attributed to state management failure.

Recommended procedures for installing the system

Checking the availability of the security package must be done through the main equipment settings menu, navigating to the general section and selecting the software update option. The system will communicate with the manufacturer’s servers to validate compilation 22H340.

Leia Tambem

Colby Minifie confirms Ashley Barrett’s powers in The Boys season five

Napoli x Milan in Serie A with confirmed lineups and where to watch live

New battery test puts Galaxy S26 Ultra ahead of iPhone 17 Pro Max in global ranking

For the transfer and installation process to occur without interruptions, it is essential that the device is connected to a stable wireless network. The use of mobile connections may result in download failures or excessive consumption of the user’s data allowance.

In addition to connectivity, power management is a crucial factor during security patching. The system requires that the battery has a minimum safe charge or that the equipment is connected directly to a power source throughout the procedure.

After the installation is complete and the device automatically restarts, no visual or interface changes will be noticed by the owner. The package acts strictly on the internal layers of the code, reinforcing protection barriers without modifying the daily use experience.

Malicious actors and the use of surveillance tools

Investigations conducted by independent cybersecurity laboratories revealed that the exploit chain was not used by common criminals, but rather by highly sophisticated groups. Entre The identified operators include commercial providers of surveillance software and organizations with suspected state sponsorship. Esses Actors have abundant financial and technical resources to discover and exploit complex vulnerabilities before manufacturers have the opportunity to develop and distribute appropriate security fixes to the general public.

The use of attacks that do not require interaction from the victim represents the pinnacle of modern digital espionage. By eliminating the need for social engineering, such as convincing the target to click on a fake link in a messaging app, attackers ensure a near-absolute success rate. Discovering and blocking these intrusion tools requires constant monitoring of network traffic and thorough analysis of memory failures in core operating system components, requiring rapid responses from software engineering teams.

Impact on default browser and internal components

The web page rendering engine used as standard on these devices was the main input vector for the injection of malicious commands. The complexity of processing modern programming languages ​​on the internet inevitably creates small logical loopholes that are extensively tested by researchers and criminals.

The implemented correction restructures the way the system handles the authentication of internal processes when triggered by the browser. Essa additional barrier prevents a malicious website from being able to send direct instructions to the operating system core, isolating the threat within the restricted environment of the browsing application.

Manufacturer’s strategy to mitigate active threats

Following strict corporate security protocols, the company responsible for developing the software chose to retain the deep technical details of the vulnerability until the vast majority of active devices on the market receive the update. Essa responsible disclosure policy prevents other criminal groups from using the patch information to create new variants of the attack and target users who have not yet downloaded the protected version on their equipment.