Apple released emergency security updates to patch a vulnerability that allowed sophisticated attackers to bypass iPhone security features through physical access to locked devices.
The updates, iOS 18.3.1 and iPadOS 18.3.1, fix a flaw that could disable USB Restricted Mode, a key security feature introduced in 2018 that prevents data access through iPhone USB ports when devices remain locked for extended periods.
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company said in its security advisory. The vulnerability was discovered and reported by Bill Marczak of Citizen Lab, a research group known for investigating surveillance technology.
Security experts suggest the exploit may have been used in forensic tools like those from Cellebrite, which provides iPhone unlocking capabilities to law enforcement agencies worldwide. Such tools have faced criticism after reports of misuse by authorities to target activists and journalists.
The attack required physical possession of the device, indicating it was likely used in targeted operations rather than widespread attacks. This vulnerability potentially allowed attackers to circumvent Apple’s USB Restricted Mode, which blocks data transmission through USB connections when an iPhone hasn’t been unlocked for an hour.
The patch comes months after Apple introduced an additional security feature in iOS 18 that automatically reboots inactive devices after 72 hours, requiring a passcode upon restart.
The update is available for iPhone XS and later models, along with recent iPad Pro, iPad Air, and iPad mini devices. Users can install the security patch by navigating to Settings > General > Software Update on their devices. Apple recommends immediate installation to protect against potential exploitation.
The company also released updates for Mac, Apple Watch, and Vision Pro platforms, though security details for these updates weren’t immediately available.
