Apple releases security updates to block hacking tools, again – The Verge

A physical attack that could access locked iPhones and other devices has reportedly been used against ‘specific targeted individuals.’A physical attack that could access locked iPhones and other devices has reportedly been used against ‘specific targeted individuals.’by Umar ShakirApple released iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 today to address a zero-day exploit that might allow attackers to access data on a locked device.The update patches the OS against an attack on USB Restricted Mode, which Apple first implemented in devices with the release of iOS 11.4.1 in 2018, to prevent attempts to bypass device passcodes and get around the encryption safeguards that protect user’s data. According to Apple, the exploit reported by Bill Marczak of The Citizen Lab “may have been exploited in an extremely sophisticated attack against specific targeted individuals.”Apple has patched flaws in USB Restricted Mode before, and in iOS 18, it added a new “inactivity reboot” that would restart unused devices after a few days so that they require a passcode for access. Today, it also issued new updates for the Mac, Apple Watch, and Vision Pro platforms but has not yet released any security notes to go along with those.Apple’s details about the new update:iOS 18.3.1 and iPadOS 18.3.1Released February 10, 2025AccessibilityAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.Description: An authorization issue was addressed with improved state management.A weekly newsletter by David Pierce designed to tell you everything you need to download, watch, read, listen to, and explore that fits in The Verge’s universe.© 2025 Vox Media, LLC. All Rights Reserved

Source: https://www.theverge.com/news/609546/apple-iphone-ipad-usb-restricted-mode-zero-day-exploit-patch