Apple Fixes iPhone & iPad Bug Exploited in Sophisticated Attack

Apple Addresses Critical Security Flaw in iOS and iPadOS
Apple issued updates for its iOS and iPadOS mobile operating systems on Monday. These updates address a security vulnerability that the company indicated could have been leveraged in highly targeted attacks.
The release notes for iOS 18.3.1 and iPadOS 18.3.1 detail that the flaw permitted the circumvention of USB Restricted Mode on devices that were locked.
Understanding USB Restricted Mode
Introduced in 2018, USB Restricted Mode is a crucial security measure. It prevents data transfer via a USB connection if an iPhone or iPad has not been unlocked for a period of seven days.
Last year, Apple further enhanced security by implementing a feature that automatically reboots devices if they are not unlocked within 72 hours. This makes unauthorized data access more difficult for both law enforcement and malicious actors utilizing forensic tools.
Nature of the Exploitation
Apple’s wording in the security update suggests that the attacks likely required physical access to the targeted devices. This implies that those exploiting the vulnerability needed to connect to the victim’s Apple devices using forensic tools such as Cellebrite or Graykey.
These systems are commonly employed by law enforcement agencies to unlock devices and extract stored data.
Discovery of the Vulnerability
The vulnerability was initially identified by Bill Marczak, a senior researcher at Citizen Lab. Citizen Lab is a research group affiliated with the University of Toronto, specializing in the investigation of cyberattacks targeting civil society.
Apple has not yet provided a statement in response to requests for comment.
Mr. Marczak has indicated he is currently unable to provide further details on the record.
Potential Implications
The identity of those responsible for exploiting this flaw, and the specific targets of these attacks, remain unclear. However, past instances have shown law enforcement agencies utilizing forensic tools – often exploiting previously unknown vulnerabilities – to access data on locked devices.
In December 2024, Amnesty International published a report detailing attacks carried out by Serbian authorities. These attacks involved the use of Cellebrite to unlock the phones of activists and journalists, followed by the installation of malware.
According to Amnesty International, Cellebrite forensic devices were likely used extensively against individuals within civil society.
This update highlights the ongoing need for robust security measures to protect against sophisticated attacks, even when physical access to a device is required.
