CyberSecurity news
FlagThis
Iain Thomson@The Register - 17d
Apple has issued emergency security updates to address a zero-day vulnerability that was actively exploited in what the company describes as "extremely sophisticated" attacks targeting specific individuals. The vulnerability allowed attackers to disable USB Restricted Mode on locked iPhones and iPads, potentially enabling unauthorized data access. Apple's use of the term "extremely sophisticated" suggests a high level of complexity and targeted nature of these attacks.
The updates, released for iOS 18.3.1 and iPadOS 18.3.1, fix a flaw that allowed the disabling of USB Restricted Mode on a locked device. This security feature, introduced in 2018, blocks data transfer over USB if the device remains unlocked for seven days. The vulnerability was discovered by Bill Marczak from the Citizen Lab, who declined to comment further. While the identity of the attackers and their targets remain unknown, this highlights the importance of swiftly updating devices and raises concerns about the potential misuse of forensic tools to exploit such vulnerabilities.
ImgSrc: regmedia.co.uk
References :
The updates, released for iOS 18.3.1 and iPadOS 18.3.1, fix a flaw that allowed the disabling of USB Restricted Mode on a locked device. This security feature, introduced in 2018, blocks data transfer over USB if the device remains unlocked for seven days. The vulnerability was discovered by Bill Marczak from the Citizen Lab, who declined to comment further. While the identity of the attackers and their targets remain unknown, this highlights the importance of swiftly updating devices and raises concerns about the potential misuse of forensic tools to exploit such vulnerabilities.
ImgSrc: regmedia.co.uk
Share:
References :
- cyberinsider.com: CyberInsider article on Apple Patches Zero-Day Exploit Targeting Locked iPhones
- infosec.exchange: NEW: Apple released a fix for a zero-day bug for iOS and iPadOS that “may have been exploited in an extremely sophisticated attack against specific targeted individuals.� AFAIK this is the first time Apple uses "extremely sophisticated attack" in an official release. At this point, we don't know who abused the flaw, nor against whom.
- techcrunch.com: NEW: Apple has released updates for iPhone and iPad to fix a bug that Apple says was used in an "extremely sophisticated attack" against certain individuals.
- PCMag UK security: Apple Patches 'Extremely Sophisticated Attack' That Can Hit iPhones
- securityaffairs.com: SecurityAffairs article on iPhone and iPad bug exploited in sophisticated attacks
- The Register - Security: Apple warns 'extremely sophisticated attack' may be targeting iThings
- cyble.com: The Cyber Security Agency of Singapore (CSA) has recently issued a regarding the active exploitation of a zero-day vulnerability in a range of Apple products. This critical is being actively targeted, and Apple has released timely security updates to address the issue.
- Zack Whittaker: Apple has released updates for iPhone and iPad to fix a bug that Apple says was used in an "extremely sophisticated attack" against certain individuals. According to the release, the attack may need physical access to a device.
- TidBITS: Apple has released iOS 18.3.1 and iPadOS 18.3.1 to patch a vulnerability that disables USB Restricted Mode. While the risk is low for most users, high-profile targets like activists and journalists should update immediately.
- thecyberexpress.com: The Cyber Express: Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update
- cyble.com: Apple issues an urgent security advisory for iOS and iPadOS vulnerabilities
- support.apple.com: APPLE-SA-02-10-2025-1 iOS 18.3.1 and iPadOS 18.3.1
- www.pcmag.com: News about Apple patching an extremely sophisticated attack that can hit iPhones.
- readwrite.com: Apple releases iOS 18.3.1 to update security flaw in ‘sophisticated attack’
- arstechnica.com: Updates may also re-enable Apple Intelligence for those who turned it off.
- www.engadget.com: A new iPhone update patches a flaw that could allow an attacker to turn off a nearly seven-year-old .
- Ars OpenForum: Updates may also re-enable Apple Intelligence for those who turned it off.
- www.scworld.com: Such a vulnerability — which was discovered and reported by the University of Toronto Munk School of Global Affairs' The Citizen Lab — affects iPhone XS and later, iPad 7th generation and later, iPad mini 5th generation and later, all iPad Pro 11-inch generations, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd gen and later, and iPad Air 3rd generation and later.