Apple fixes bugs on iPhone and iPad used in “very sophisticated attacks”
On Monday, Apple released an update to its mobile operating systems, iOS and iPadOS. This fixed a flaw that the company said could have been “exploited in a very sophisticated attack on a particular targeted individual.”
In the release notes for iOS 18.3.1 and iPadOS 18.3.1, the company said the vulnerability allowed USB Restriction Mode to be disabled “on locked devices.” Introduced in 2018, USB Restriction Mode is a security feature that blocks the ability of an iPhone or iPad to send data over a USB connection if the device has not been unlocked for 7 days. Last year, Apple released another security feature that restarts a device if it has not been unlocked for 72 hours, making it difficult for law enforcement or criminals to access data on those devices.
Based on the language used in the security update, Apple suggests that the attacks were likely carried out with physical control of a person’s device. mobile phone or GrayKey, two systems that allow law enforcement to unlock and access data stored on iPhones and other devices.
The vulnerability was discovered by Bill Marczak, a senior researcher at the Citizen Lab, a University of Toronto group that investigates cyberattacks on civil society.
Apple did not respond to requests for comment by press time.
Marczak told TechCrunch that he could not comment on the record at this point.
At this point, it is unclear who abused the flaw and against whom it was used. However, there have been documented cases in the past of law enforcement using forensic tools that rely on zero-day flaws in devices such as iPhones to unlock the device and access its internal data.
In December 2024, Amnesty International issued a report documenting a series of attacks by Serbian authorities. They used Cellebrite to unlock the mobile phones of activists and journalists across the country and install malware on them.
Security researchers said Cellebrite forensic devices were likely used “widely” on individuals in civil society, according to Amnesty.