Apple has released emergency updates for iPhones and iPads to fix a security weakness that was used in targeted attacks. The company released iOS 18.3.1 and iPadOS 18.3.1 on Monday to address the problem.
The flaw let attackers disable a key security feature called USB Restricted Mode on locked devices. This feature normally blocks data transfer through USB connections if a device stays locked for seven days.
The security feature works alongside another protection that reboots devices after 72 hours without being unlocked.
Bill Marczak from Citizen Lab, a research group at the University of Toronto, discovered the vulnerability. The attack likely required physical access to targeted devices and might have used forensic tools like Cellebrite or Graykey, which are typically used by law enforcement to unlock phones.
While Apple hasn’t shared who was targeted or who carried out the attacks, similar tools have been used against activists and journalists in the past.
In December 2024, Amnesty International reported that Serbian authorities used Cellebrite devices to unlock phones belonging to activists and journalists, then installed malware on their devices.
Apple described the attack as “extremely sophisticated” and aimed at specific individuals. The company has now fixed the vulnerability, and users are advised to update their devices immediately.
