- Apple releases update for iOS and iPadOS devices with security patch
- It claims the update fixes a bug disabling USB Restricted Mode
- The bug was being abused in the wild, Apple says
Apple has released a new patch for iOS and iPadOS devices to fix a recently discovered flaw – which normally would be nothing extraordinary, had Apple not described the patched vulnerability quite as dramatically as it did.
In a security advisory, the company said it was releasing iOS 18.3.1 and iPadOS 18.3.1 to address CVE-2025-24200, a flaw plaguing many of its iPhones and iPads which could allow a malicious actor to run a “physical attack” that disables USB Restricted Mode on a locked device.
USB Restricted Mode is a security feature that prevents data transfer through the Lightning (or USB-C) port when the device has been locked for more than one hour. This helps protect against hacking tools that try to bypass passcodes or extract data via USB connections.
Breaking into locked iPhones
Apple said it fixed the issue with improved state management, but added: “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
The wording here, although not specific, suggests the vulnerability might have been used by law enforcement and other state-sponsored agencies to unlock iPhones from individuals of high interest.
Apple has a long history of conflict with the US government. While the latter demanded, on a few occasions, that Apple hand over access to iPhones seized from alleged terrorists and other criminals, Apple vehemently declined, arguing that such a move would undermine the privacy of all users and thus ruin the brand itself.
As a result, the US government hired third-party cybersecurity agencies that claimed they had working methods of breaking into locked iPhones. As TechCrunch reported recently, Amnesty International documented a series of attacks by Serbian authorities where they used Cellebrite, an Israeli digital intelligence company known for its phone forensic tools allegedly used to extract data from locked and encrypted smartphones, to unlock the phones of activists and journalists in the country, and then install malware on them.
Via TechCrunch
You might also like
- United Healthcare data breach may have affected 190 million Americans
- We’ve rounded up the best password managers
- Take a look at our guide to the best authenticator app