Apple has released iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 to address a zero-day vulnerability that could allow someone with physical access to a locked iPhone or iPad to bypass passcode protection and reach the data on it. The fix concerns the USB Restricted Mode feature, first introduced in iOS 11.4.1 in 2018 to prevent attempts to bypass encryption protections.
The company confirmed that the vulnerability could have been used in an “extremely sophisticated attack against specific individuals.” According to The Verge, citing researcher Bill Marczak of The Citizen Lab, it gave an attacker physical access to data on a locked device by bypassing the USB Restricted Mode security mechanism.
Apple clarified that the issue was an error in authorization management, which it fixed through improved system state management. The vulnerability affects devices starting with the iPhone XS and the iPad Pro 3rd generation, and later models.
Apple previously addressed the shortcomings of USB Restricted Mode by adding an inactivity reboot feature to iOS 18 that automatically restarts unused devices after a few days, after which a password is required to access them. The new update also includes patches for the Mac, Apple Watch, and Vision Pro platforms, but details and explanations for those patches have not yet been released.
The company strongly recommends that users update their devices to protect their data from possible physical hacking. The update is now available for download.