Apple warns of ‘extremely sophisticated attack’ targeting iPhones and iPads

Apple has issued an urgent security update after discovering that some iPhones and iPads have been targeted by a highly sophisticated attack.

What happened

Apple has issued a security warning that some iPhones and iPads may have been targeted by an "extremely sophisticated attack." In response, the tech giant has released critical patches to address the vulnerability. The flaw affects USB Restricted Mode, a security feature designed to disable the Lightning and USB ports on locked devices to prevent unauthorized access. Apple’s update aims to close this loophole, but the company acknowledges that attackers have exploited it in real-world scenarios.

Going deeper

The vulnerability in question allowed attackers to disable USB Restricted Mode on a locked device, potentially gaining access to sensitive data. USB Restricted Mode was introduced in 2018 to prevent unauthorized physical connections, particularly from law enforcement and hacking tools. However, Apple’s latest security update—iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5—addresses an “authorization issue” with improved state management. The flaw was identified by Bill Marczak, a senior researcher at the Citizen Lab, who warned users to update their devices immediately.

See also: HIPAA Compliant Email: The Definitive Guide

What was said

Apple released a statement on Monday that: "A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals."

The National Institute of Standards and Technology (NIST) classified the flaw as an “authorization issue” that required better state management. Marczak reinforced Apple’s urgency, posting on social media: "Update your iPhones… again! iOS 18.3.1 out today with a fix for an ITW [in the wild] USB restricted mode bypass."

Why it matters

This flaw means attackers could potentially access personal data if they get physical access to a device. 

From a cybersecurity perspective, it highlights ongoing vulnerabilities even in highly secure devices and the need for regular updates.

FAQS

What is USB Restricted Mode, and why is it important?

USB Restricted Mode is a security feature that disables the Lightning and USB ports on locked devices to prevent unauthorized access. It’s particularly important for protecting devices from physical access by unauthorized parties, such as hackers or law enforcement using specialized tools.

What should users do to protect their devices?

Users are advised to update their devices immediately to the latest versions—iOS 18.3.1 and iPadOS 18.3.1—available through Apple’s software update feature.

Can this vulnerability be exploited remotely?

No, the vulnerability requires physical access to the device, meaning attackers must be able to physically handle the device to exploit the flaw.