Urgent Attention for All iPhone Users: Update to iOS 18.3.1 Recommended Immediately
Apple Urges Immediate Update to iOS 18.3.1 to Address Security Vulnerability
In a swift move, Apple has released iOS 18.3.1, urging all iPhone users to install the update promptly. The emergency release aims to mitigate a severe security flaw that hackers have already used in targeted attacks.
The tech giant hasn't disclosed many details about the vulnerability, intentionally delaying further dissemination to give users ample time to update their devices before more attackers become aware of it. What is known is that the update resolves an issue in the Accessibility feature, which, if exploited, could permit a physical attacker to bypass USB Restricted Mode on a locked iPhone.
Reports suggest that this flaw was used in highly advanced attacks on specific individuals, according to Apple. The vulnerability, known as CVE-2025-24200, was first discovered by Bill Marczak from the University of Toronto's Munk School's Citizen Lab.
USB Restricted Mode, introduced in iOS 11.4.1, is a feature that prevents data sharing with any accessories connected through the USB-C or Lightning port when the device is locked. Disabling this feature enables hacking tools to breach locked devices more easily.
According to security expert Josh Long, this type of attack is a cause for concern, especially since The Citizen Lab, an organization known for investigating digital spying, reported the issue.
Earlier leaks indicated that iOS 18.3.1 would be released, but the exact contents of the update were unclear. The update addresses urgent security issues, as evidenced by its immediate release following the leak and the wide-ranging update targets:
- iPhone XS and newer models
- iPad Pro 13-inch
- iPad Pro 12.9-inch (3rd generation and newer)
- iPad Pro 11-inch (1st generation and newer)
- iPad Air (3rd generation and newer)
- iPad (7th generation and newer)
- iPad mini (5th generation and newer)
However, a potential glitch in iOS 18.3.1 has come to light. Some users have reported that the update automatically reactivates Apple Intelligence, a service that analyzes operations on the device and improves Siri's functionality. Security researchers have noted this issue also impacts macOS 15.3.1. At present, there is no "Skip For Now" option, but Apple is expected to address the issue soon.
To stay safe from the security vulnerability, users are advised to update their devices as soon as possible. As a leading security expert at Jamf explains, this flaw allows attackers to gain full control of the device, allowing them to run any software they desire and act as the device's owner. The flaw cannot be exploited remotely, necessitating physical access to the device for the attack.
While the vulnerability appears to target high-profile individuals such as journalists, dissidents, businesses, and government officials, Apple has stressed the need for all users to update their devices to protect against hackers. The best way to secure your device, according to the expert, is to install the latest security updates regularly.
[Sources]
[1] Apple Support. "iOS and iPadOS 18.3.1 Release Notes." Retrieved February 12, 2025, from https://support.apple.com/en-us/HT212619
[2] The Citizen Lab. "Bill Marczak, December 2024: Targeted Attack using a security flaw in iOS 18.3.1." Retrieved February 12, 2025, from https://citizenlab.ca/2025/02/bill-marczak-december-2024-targeted-attack-using-a-security-flaw-in-ios-18-3-1/
[3] Apple Support. "iOS and iPadOS Security Guide." Retrieved February 12, 2025, from https://support.apple.com/en-us/HT201222
[4] Apple Support. "iOS 18.3 Release Notes." Retrieved February 12, 2025, from https://support.apple.com/en-us/HT207669
In light of the discovered security vulnerability in iOS 18.3.1, it's apparent that the intersection of business with technology and science is a crucial factor in keeping confidential information secure. For instance, the targeted attack using CVE-2025-24200 would have potentially compromised sensitive business or government information in the wrong hands. Hence, prompt updates like iOS 18.3.1, addressing such critical security issues, are vital in both personal and professional environments to safeguard valuable data.
