Apple has launched a minor but highly important update for iPhone an iPad that fixes an issue that enabled attackers to access data from a locked device.
In the release notes for iOS/iPadOS 18.3.1, Apple says it has plugged a security flaw that targeted the USB Restricted Mode feature.
Phenomenal Pixel 9 Pro Bundle
The Pixel 9 Pro now comes with 100GB data, a free £100 Currys gift card and a free pair of Pixel Buds A-Series to boot.
- Mobiles UK
- £99 upfront
- Just £29.99/month
Apple uses this feature to prevent data being transferred over a USB connection if it’s been a while since the phone or tablet was unlocked.
In the update today, Apple reveals a belief that this flaw has been used in the wild and was used to target specific people. Yikes.
In the notes, Apple writes: “A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
Apple has fixed this. “An authorisation issue was addressed with improved state management,” the company has said. It credited Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School, with the discovery of the flaw.
This is the only fix Apple is listing within the security update.
However, this isn’t the first time Apple has offered an update for USB Restricted Mode and, in iOS 18.1, the company introduced an “inactivity reboot” that may occur when the phone has been inactive for 96 hours. This is designed to prevent law enforcement agencies and criminals alike from accessing your data.
