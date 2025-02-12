Apple releases iOS 18.3.1 to fix a critical vulnerability exploited in targeted attacks. The flaw allowed physical attackers to disable USB Restricted Mode on locked iPhones, potentially granting full device access.

Apple has released iOS 18.3.1, an emergency patch that fixes a single security issue already being exploited in the wild. While Apple remains tight-lipped about the specifics, the update addresses a flaw in Accessibility that could allow a physical attacker to disable USB Restricted Mode on a locked device.

This vulnerability, reported by Bill Marczak of The Citizen Lab at The University of Toronto's Munk School, poses a significant risk as it could grant attackers full administrative access to the device. \USB Restricted Mode, introduced in iOS 11.4.1, prevents locked devices from sharing data with connected accessories. This protects against tools used by hackers, often employed by government and law enforcement agencies, but potentially accessible to malicious actors. The Citizen Lab's involvement suggests this attack targeted high-profile individuals like journalists, dissidents, and government officials. The patched vulnerability is not remotely exploitable, requiring physical access to the device. However, the sophistication of the attack indicates it's likely aimed at specific high-value targets. \Apple urges all iOS users to update to iOS 18.3.1 immediately for protection. The update is available for iPhone XS and later, various iPad models, and iPadOS 17.7.5 for compatible iPads. Notably, the update also reactivates Apple Intelligence by default, even if previously disabled, potentially raising privacy concerns. Apple needs to address this issue swiftly. The vulnerability's use in real-world attacks underscores the importance of keeping devices updated to mitigate security risks





