iOS 18.3.1 Update Addresses Critical Security Flaw

iOS 18.3.1 is being rolled out by Apple, introducing essential fixes for a severe security vulnerability that might enable attackers to access a locked iPhone. This flaw, linked to the Accessibility service, could be exploited if someone physically accesses the device and disables USB Restricted Mode, a feature meant to prevent unauthorized USB access. Apple has acknowledged that this vulnerability may have already been exploited in targeted attacks against specific individuals.

Details of the Vulnerability in USB Restricted Mode

As outlined in Apple’s release notes, this update resolves a flaw that could be exploited for physical attacks on locked iPhones and iPads. Bill Marczak, a security researcher at The Citizen Lab within The University of Toronto’s Munk School, was the first to identify this vulnerability. Apple has recognized Marczak’s contribution in discovering this issue and urges all users to promptly update their devices.

Understanding the USB Restricted Mode Vulnerability

• USB Restricted Mode was introduced in iOS 11.4.1 (2018) to prevent unauthorized USB connections unless the device has been unlocked in the last hour.
• This new vulnerability permits attackers to disable USB Restricted Mode, potentially enabling access to the device through a USB connection.
• Although this flaw necessitated physical access, Apple has warned that it may have been utilized in sophisticated attack scenarios.

The iOS 18.3.1 update can be downloaded by all supported iPhone models, including the latest iPhone 16 series as well as earlier models back to the iPhone XS. Users can initiate the update process by navigating to: Settings > General > Software Update > Install Now.