Apple warns "extremely sophisticated attack" hits iPhones and iPads, so update now
Apple hints at governments breaking into locked iPhones
![An iPhone with a 10:30am alarm ringing next to an Apple Watch that displays the time as 12:42pm](https://cdn.mos.cms.futurecdn.net/QtPkTmur99VJhqJ9mwNj27-960-80.jpg)
- Apple releases update for iOS and iPadOS devices with security patch
- It claims the update fixes a bug disabling USB Restricted Mode
- The bug was being abused in the wild, Apple says
Apple has released a new patch for iOS and iPadOS devices to fix a recently discovered flaw. Normally that would be nothing extraordinary, but Apple described the patched vulnerability in unusually dramatic terms.
In a security advisory, the company said it was releasing iOS 18.3.1 and iPadOS 18.3.1 to address CVE-2025-24200, a flaw affecting many of its iPhones and iPads that could allow a malicious actor to carry out a “physical attack” that disables USB Restricted Mode on a locked device.
USB Restricted Mode is a security feature that prevents data transfer through the Lightning (or USB-C) port when the device has been locked for more than one hour. This helps protect against hacking tools that try to bypass passcodes or extract data via USB connections.
Breaking into locked iPhones
Apple said it fixed the issue with improved state management, but added: “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
The wording, although not specific, suggests the vulnerability might have been used by law enforcement and other state-sponsored agencies to unlock iPhones belonging to individuals of high interest.
Apple has a long history of conflict with the US government. While the latter demanded, on a few occasions, that Apple hand over access to iPhones seized from alleged terrorists and other criminals, Apple vehemently declined, arguing that such a move would undermine the privacy of all users and thus ruin the brand itself.
As a result, the US government hired third-party cybersecurity agencies that claimed they had working methods of breaking into locked iPhones. As TechCrunch reported recently, Amnesty International documented a series of attacks in which Serbian authorities used Cellebrite, an Israeli digital intelligence company known for its phone forensic tools allegedly used to extract data from locked and encrypted smartphones, to unlock the phones of activists and journalists in the country and then install malware on them.
Via TechCrunch
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.