Apple is known for its robust security features. Whether it’s an iPhone or iPad, these devices have almost every kind of security measure to protect user data. However, a recent announcement by Apple and the patch note reveal that even after such strict security measures, security is not guaranteed for iPhone and iPad users. With the latest patch note, Apple has fixed a bug that no one probably thought of hampering their data in iOS devices.
Apple has different security regulations for all of its devices. With each new entry, these rules get stricter, but it seems like there are still places to improve. USB Restricted Mode is one of the security measures that was introduced in 2018, where the device automatically disables the ability to send data over a USB connection if the device isn’t unlocked for seven days. This was brought to ensure that no hacker could connect a cable to the ports and steal data. Unless the user authenticates and unlocks the device, the USB ports will be locked.
This system looks fine, but a recent announcement from Apple has highlighted the risks. On Monday, February 10, the company stated about a bug that has targeted multiple users and stated, “A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
This vulnerability was discovered by a senior researcher at the Citizen Lab, Bill Marczak, who highlighted that this attack is possible only through the physical possession of the device. Basically, the hackers have to get the phone of a person and then use software like Cellebrite or Graykey to connect to that device to unlock and access the stored data.
However, iPhone or iPad users don’t need to get panicked knowing this, as Apple has launched an immediate patch note to fix this vulnerability.
Apple hasn’t mentioned any details about who has been exploiting this flaw and against whom, but the authorities have immediately fixed it. Currently, the patch is available on devices running iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5.
Apple users with iPhone XS and later models, along with recent iPad Pro, iPad Air, and iPad mini devices, are eligible to install the update by following the steps:
1. Go to Settings.
2. Visit General
3. Click on Software Update.
It’s still unsure who’s been attacked, but it’s evident that Apple’s security fails in front of Cellebrite, as the law enforcement department has used this method to crack iPhone security and access the phones of the accused to solve cases.