iOS 18.3.1 addresses a vulnerability that allowed attackers to disable USB Restricted Mode on a locked device.
A recent iPhone update addresses a security flaw that could allow an attacker to disable a nearly seven-year-old USB security feature. Apple’s release notes for iOS 18.3.1 and iPadOS 18.3.1 indicate that this bug, which permitted the deactivation of USB Restricted Mode, “may have been exploited in an extremely sophisticated attack against specifically targeted individuals.”
The release notes describe the now-patched security flaw as enabling “a physical attack,” meaning that the attacker would need access to the device to exploit it. Therefore, unless highly sophisticated attackers compromised your device, there was no cause for concern even before Monday’s update.
USB Restricted Mode, introduced in iOS 11.4.1, prevents USB accessories from accessing your device’s data if it hasn’t been unlocked for an hour. This feature is designed to protect your iPhone or iPad from law enforcement tools like Cellebrite and GrayKey. It also explains the message prompting you to unlock your device before connecting it to a Mac or Windows PC.
In line with its standard policy, Apple did not disclose the identity of the individual or entity that may have exploited this flaw, simply stating that the company is “aware of a report that this issue may have been exploited.” Security researcher Bill Marczak from the University of Toronto’s Citizen Lab reported the vulnerability. He previously discovered the iPhone's first known zero-day remote jailbreak in 2016 while in graduate school, which a cyberwarfare company later sold to governments.
To ensure USB Restricted Mode is activated on your device, go to Settings > Face ID (or Touch ID) & Passcode. Scroll down to the “Accessories” section and check that the toggle is off; note that it is off by default. It can be somewhat confusing, as turning the setting off means the security feature is enabled since the list shows features that are permitted access.
As always, you can install the update by navigating to Settings > General > Software Update on your iPhone or iPad.
No comments:
Post a Comment