Apple has released the iOS 18.3.1 update to address a critical security vulnerability that attackers may have actively exploited in a highly sophisticated attack against targeted individuals. The update, which began rolling out on February 10, 2025, fixes an issue that allowed attackers to disable USB Restricted Mode, potentially compromising a locked iPhone.
Attackers exploited a flaw in the Accessibility service that required physical access to an iPhone or iPad. Apple acknowledged that the vulnerability may have been used in attacks against specific individuals. The company advises users with eligible devices to install the update immediately to protect their devices from potential threats.
iOS 18.3.1 Update Fixes USB Restricted Mode Vulnerability
According to Apple’s release notes, the flaw impacted USB Restricted Mode, a security feature Apple introduced in iOS 11.4.1 in 2018. This feature prevents unauthorized access to an iPhone by blocking communication with connected USB accessories unless the device has been unlocked within the past hour. The vulnerability allowed attackers to bypass this security feature and gain unauthorized access to the device.
Security researcher Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School identified the vulnerability. Apple credited him for the discovery and urged users to update their devices promptly.
Changelog for iOS 18.3.1 and iPadOS 18.3.1
Released February 10, 2025
Accessibility
- Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
- Impact: A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
- Description: An authorization issue was addressed with improved state management.
- CVE-2025-24200: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School.
How to Update to iOS 18.3.1
iPhone and iPad users can install iOS 18.3.1 by opening the Settings app, navigating to General > Software Update, and selecting Install Now. The update is available for the latest iPhone 16 series and older models, going back to the iPhone XS. Apple strongly recommends users update their devices as soon as possible to stay protected against potential threats.
