Apple warns "extremely sophisticated attack" hits iPhones and iPads, so update now


  • Apple releases update for iOS and iPadOS devices with security patch
  • It claims the update fixes a bug disabling USB Restricted Mode
  • The bug was being abused in the wild, Apple says

Apple has released a new patch for iOS and iPadOS devices to fix a recently discovered flaw. Normally that would be nothing extraordinary, had Apple not described the patched vulnerability as dramatically as it did.

In a security advisory, the company said it was releasing iOS 18.3.1 and iPadOS 18.3.1 to address CVE-2025-24200, a flaw affecting many of its iPhones and iPads that could allow a malicious actor to carry out a “physical attack” that disables USB Restricted Mode on a locked device.

USB Restricted Mode is a security feature that prevents data transfer through the Lightning (or USB-C) port when the device has been locked for more than one hour. This helps protect against hacking tools that try to bypass passcodes or extract data via USB connections.

Breaking into locked iPhones

Apple said it fixed the issue with improved state management, but added: “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”

The wording here, although not specific, suggests the vulnerability might have been used by law enforcement and other state-sponsored agencies to unlock iPhones belonging to individuals of high interest.

Apple has a long history of conflict with the US government. While the latter demanded, on a few occasions, that Apple hand over access to iPhones seized from alleged terrorists and other criminals, Apple vehemently declined, arguing that such a move would undermine the privacy of all users and thus ruin the brand itself.

As a result, the US government hired third-party cybersecurity agencies that claimed they had working methods of breaking into locked iPhones. As TechCrunch reported recently, Amnesty International documented a series of attacks in which Serbian authorities used Cellebrite to unlock the phones of activists and journalists in the country, and then install malware on them. Cellebrite is an Israeli digital intelligence company known for its phone forensic tools, allegedly used to extract data from locked and encrypted smartphones.

Via TechCrunch


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
