Apple patches iPhone exploit that allowed for ‘extremely sophisticated’ attack

A new iPhone update patches a flaw that could allow an attacker to turn off a nearly seven-year-old USB security feature. Apple’s release notes for iOS 18.3.1 and iPadOS 18.3.1 say the bug, which allowed the deactivation of USB Restricted Mode, “may have been exploited in an extremely sophisticated attack against specific targeted individuals.”

The release notes describe the now-patched security flaw as allowing “a physical attack,” which suggests the attacker needed the device in hand to exploit it. So, unless your device was hijacked by “extremely sophisticated” attackers, there was nothing to panic about even before Monday’s update.

USB Restricted Mode, introduced in iOS 11.4.1, prevents USB accessories from accessing your device’s data if it hasn’t been unlocked for an hour. The idea is to protect your iPhone or iPad from law enforcement devices like Cellebrite and Graykey. It’s also the reason for the message asking you to unlock your device before connecting it to a Mac or Windows PC.

Aligned with its typical policy, Apple didn’t detail who or what entity used the attack in the wild, only noting that the company is “aware of a report that this issue may have been exploited.” Security researcher Bill Marczak of the University of Toronto’s Citizen Lab reported the flaw. In 2016, while in grad school, he discovered the iPhone’s first known zero-day remote jailbreak, which a cyberwarfare company sold to governments.

You can make sure USB Restricted Mode is activated by heading to Settings > Face ID (or Touch ID) & Passcode. Scroll down to “Accessories” in the list and ensure the toggle is off, which it is by default. Somewhat confusingly, toggling the setting off means the security feature is on because it lists features with allowed access.

As usual, you can install the update by heading to Settings > General > Software Update on your iPhone or iPad.