Today, Apple released iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 to address a zero-day vulnerability that could allow attackers to access data on a locked device.
The update protects the OS from an attack on the USB restricted mode, which Apple first implemented in devices with the release of iOS 11.4.1 in 2018 to prevent attempts to bypass device passwords and encryption tools that protect user data. According to Apple, the exploit, reported by Bill Marchak of The Citizen Lab, “could be used in an extremely sophisticated attack against specific targeted individuals.”
