Apple fixes iphone security flaw used in sophisticated physical attacks
Apple claims it has patched the security flaw that could be used as part of the context of an "extremely sophisticated attack against targeted individuals".
Apple fixes iphone security flaw used in sophisticated physical attacks
Apple issued emergency security updates to fix the security vulnerability that enabled sophisticated attackers to circumvent iPhone security update via physical access to devices locked.
The latest updates, Apple iOS 18.3.1 and iPadOS 18.3.1 are able to fix a bug that could result in the disablement of USB Restricted Mode, a important security feature that was launched in 2018 that blocks access to data through iPhone USB ports when devices remain locked for prolonged periods.
"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals," the company wrote in its security announcement.
Security experts have suggested that the exploit may have been utilized in forensic tools, such as those made by Cellebrite iPhone unlock tools to law enforcement agencies across the globe. These tools have been criticized following reports of abuse by authorities to attack journalists and activists.
The targeted surveillance attacks was a physical access to the device, suggesting that it was likely to have been used for targeted attacks rather than in massive attacks. This vulnerability could have allowed attackers to bypass the Apple's USB Restricted Mode feature, which prevents data transmission over USB connections in the event that an iPhone isn't unlocked for at least an hour.
The update comes a few months after Apple added a safety feature within iOS 18 that automatically reboots inactive devices after 72 hours. It requires the use of a password upon restart.
The update is now available for iPhone XS and later models and also for the most recent iPad Pro, iPad Air and iPad mini models. Users can download the security patch by going the Settings menu > General > Software Update. Apple recommends that users install the patch immediately to safeguard against possible attack.
The company also announced update to Mac, Apple Watch, and Vision Pro platforms, though the security details of the updates were not immediately available.
