Quick Brief
- Apple released iOS & iPadOS 18.7.7 (build 22H333) on March 24, 2026, for legacy devices only
- Update targets iPhone XR, iPhone XS, iPhone XS Max, and iPad 7th generation exclusively
- Patch addresses security vulnerabilities; Apple’s full CVE list for 18.7.7 was not yet published at time of writing
- Apple recommends immediate installation for all eligible device owners
Apple shipped iOS and iPadOS 18.7.7 (build 22H333) on March 24, 2026, a security-focused update targeting the iPhone XR, XS, and iPad 7th generation, the only devices still on iOS 18 that cannot upgrade to iOS 26. If your device is on that list, this update closes the most recently discovered attack surfaces on your hardware. Here is a verified breakdown of what changed, what was patched in the broader 18.7.x series, and whether installation is urgent.
What Is iOS 18.7.7 and Who Gets It
iOS 18.7.7 carries the internal build identifier 22H333, seeded first as a Release Candidate to beta testers on March 18, 2026, before reaching stable release six days later. Apple shipped it the same day as iOS 26.4, its current-generation update, meaning both branches received security attention simultaneously.
This update is part of Apple’s iOS 18.x maintenance branch, which runs in parallel with iOS 26 specifically for hardware that cannot run Apple’s current operating system. iPhone XR, iPhone XS, iPhone XS Max, and iPad 7th generation are the only eligible devices. If you own an iPhone 11 or newer, iOS 26.4 covers your equivalent security patches and iOS 18.7.7 will not appear in your Software Update screen.
Security Content: What Has Been Patched Across iOS 18.7.x
Apple had not published the full CVE breakdown for iOS 18.7.7 at the time this article was written. The iOS 18.7.x release series as a whole, however, documents a significant volume of confirmed vulnerabilities, which establishes the context for why 18.7.7 matters.
iOS 18.7.1 patched CVE-2025-43400, an out-of-bounds write issue addressed with improved bounds checking, which Forbes reported triggered an urgent update warning for all iPhone users in October 2025.
iOS 18.7.3, released December 12, 2025, was the most critical point release in this series. Apple confirmed two WebKit zero-days: CVE-2025-43529 (a use-after-free vulnerability with a CVSSv3.1 score of 9.8) and CVE-2025-14174 (a memory corruption issue with a CVSS score of 8.8), both discovered by Google’s Threat Analysis Group. Apple stated both were actively exploited in “extremely sophisticated attacks against specific targeted individuals on versions of iOS before iOS 26.” Processing maliciously crafted web content was sufficient to trigger either exploit, requiring no app installation or additional user interaction.
iOS 18.7.5, released February 10, 2026, patched four confirmed vulnerabilities: an Accessibility flaw (CVE-2026-20645) where a physically present attacker could view sensitive user information from a locked screen; a Books path handling issue (CVE-2025-43537) allowing malicious backup files to modify protected system files; a CoreMedia denial-of-service flaw; and a libexpat open-source vulnerability.
iOS 18.7.4 contained no published CVE entries, confirmed directly by Apple’s security releases page.
iOS 18.7.6, released March 4, 2026, specifically addressed an emergency call functionality issue affecting users in Australia.
Supported Devices for iOS & iPadOS 18.7.7
Compatibility for this update is intentionally narrow. The following hardware is eligible:
- iPhone XR (A12 Bionic, 2018)
- iPhone XS (A12 Bionic, 2018)
- iPhone XS Max (A12 Bionic, 2018)
- iPad 7th generation (A10 Fusion, 2019) for iPadOS 18.7.7
All iPhone 11 and newer models receive their security coverage through iOS 26.4, released the same day as this update. Owners of those devices will not see an 18.7.7 prompt in Settings.
Why Apple Continues Patching iOS 18 After iOS 26 Launched
Apple released iOS 26 alongside the iPhone 17 series in September 2025. iPhone XR and XS hardware, built around Apple’s A12 Bionic chip, cannot run iOS 26. These devices remain in active use across multiple markets, particularly in India where they are widely available as certified refurbished units at accessible price points.
Apple’s practice of maintaining a parallel legacy security branch means owners of these older devices receive protection from newly discovered vulnerabilities without requiring hardware replacement. iOS 18.7.x updates contain no feature additions, no UI changes, and no Apple Intelligence capabilities. They exist to close attack surfaces on hardware the iOS 26 branch no longer covers. For users in India who purchased an iPhone XR or XS between 2019 and 2022, this update extends meaningful security coverage without any new device purchase.
Verified iOS 18.7.x Release History
The following table contains only build numbers, dates, and security facts confirmed against Apple’s official support pages and Apple’s security releases index.
| Build | Release Date | Security Content | Devices |
|---|---|---|---|
| iOS 18.7 (22H20) | Sep 15, 2025 | Audio, CoreAudio, ImageIO, JavaScriptCore, Safari, WebKit CVEs | All iOS 18 devices |
| iOS 18.7.1 | Oct 1, 2025 | CVE-2025-43400 (FontParser out-of-bounds write) | iPhone XR/XS, iPad 7th gen |
| iOS 18.7.2 | Nov 5, 2025 | CVE-2025-43510 (memory corruption, improved lock state) | iPhone XR/XS, iPad 7th gen |
| iOS 18.7.3 (22H217) | Dec 12, 2025 | CVE-2025-43529 (CVSS 9.8) + CVE-2025-14174 (CVSS 8.8) WebKit zero-days actively exploited; CVE-2025-5918 | iPhone XR/XS, iPad 7th gen |
| iOS 18.7.4 (22H218) | Jan 26, 2026 | No published CVE entries | iPhone XR/XS, iPad 7th gen |
| iOS 18.7.5 (22H311) | Feb 10, 2026 | CVE-2026-20645 (Accessibility), CVE-2025-43537 (Books), CoreMedia, libexpat | iPhone XR/XS, iPad 7th gen |
| iOS 18.7.6 (22H320) | Mar 4, 2026 | Emergency call fix (Australia) | iPhone XR/XS |
| iOS 18.7.7 (22H333) | Mar 24, 2026 | CVE list pending Apple publication | iPhone XR/XS, iPad 7th gen |
How to Install iOS & iPadOS 18.7.7
Installation follows the standard over-the-air update process:
- Open Settings on your iPhone XR, XS, or iPad 7th gen
- Tap General, then Software Update
- Select iOS 18.7.7 and tap Download and Install
- Ensure at least 50% battery charge or connect to power before starting
- Maintain a stable Wi-Fi connection throughout the download and install cycle
Allow 10 to 15 minutes for the full installation. The update package size for 18.7.x releases has ranged between 150 MB and 300 MB depending on the installed build.
Considerations
iOS 18.7.7 cannot deliver features that the A12 chip and the iOS 18 framework do not support. Users hoping for Apple Intelligence, an updated Siri, or any iOS 26 UI improvements will not receive them through this update. Apple has not announced an end date for iOS 18.x security maintenance. The monthly cadence maintained from 18.7.1 through 18.7.7 suggests continued patching for as long as these devices remain in active use at scale.
Frequently Asked Questions (FAQs)
What is iOS 18.7.7 (22H333)?
iOS 18.7.7 (22H333) is a security update released by Apple on March 24, 2026. It targets iPhone XR, iPhone XS, and iPhone XS Max, along with iPad 7th generation for the iPadOS variant. The update contains no new features and addresses security vulnerabilities in the iOS 18 branch.
Which devices support iOS 18.7.7?
iOS 18.7.7 supports the iPhone XR, iPhone XS, and iPhone XS Max. iPadOS 18.7.7 supports the iPad 7th generation. Devices capable of running iOS 26, such as iPhone 11 and later, receive equivalent security fixes through iOS 26.4, released the same day.
Is iOS 18.7.7 a mandatory update?
Apple recommends iOS 18.7.7 for all eligible users. Installation is not forced automatically, but skipping security patches on devices that cannot access iOS 26 protections leaves them exposed to known exploit categories documented across the 18.7.x series.
What were the most critical vulnerabilities fixed in the iOS 18.7.x series?
iOS 18.7.3 patched two WebKit zero-days confirmed as actively exploited in the wild: CVE-2025-43529 (CVSSv3.1 score of 9.8, use-after-free enabling arbitrary code execution) and CVE-2025-14174 (CVSS 8.8, memory corruption). Both were discovered by Google’s Threat Analysis Group and required only that a user visit a maliciously crafted web page.
Will iOS 18.7.7 improve performance or battery life?
No. iOS 18.7.7 is a pure security maintenance update. It does not include performance optimizations, battery improvements, new features, or UI changes. Any performance characteristics of your device remain unchanged after installation.
Why is Apple still releasing iOS 18 updates in 2026?
iPhone XR and XS hardware cannot run iOS 26. Apple continues iOS 18.x security patching to protect these devices from vulnerabilities. This parallel maintenance branch has delivered consistent monthly security coverage from September 2025 through March 2026.
What does the build number 22H333 mean?
Apple’s build numbers encode the OS version and internal revision. For iOS 18.7.7, 22 refers to the macOS/iOS build year cycle, H indicates the fall release branch, and 333 is the specific build revision. The RC build seeded March 18, 2026, carried this same identifier, confirming no build changes between RC and stable release.
What came before iOS 18.7.7?
iOS 18.7.6, released March 4, 2026, addressed an emergency call functionality issue in Australia and was the narrowest release in the 18.7.x series, targeting iPhone XR and XS only without iPad 7th generation. iOS 18.7.7 expands device coverage back to include the iPad 7th generation.
