Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Apple iOS and iPadOS USB Restricted Mode Bypass on Locked Devices

Vulnerability

A vulnerability has been identified in Apple iOS and iPadOS that allows a physical attack to disable USB Restricted Mode on a locked device. It is an authorization flaw, which Apple addressed with improved state management. The fix is included in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5. Apple is aware of reports that this vulnerability may have been exploited in a highly sophisticated attack targeting specific individuals.

Impact

Exploitation of this vulnerability can lead to the disabling of USB Restricted Mode on a locked device, potentially allowing unauthorized access to the device's data.

Remediation

Users can update to iOS 18.3.1 or iPadOS 18.3.1 through iTunes or the Software Update feature on their devices. iPadOS 17.7.5 is also available through the same channels. Instructions for checking and applying the update are available on the Apple Support website.
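To check a device inventory against the fixed releases named above, a short triage script helps. This is an added example, not Apple's or this advisory's own code; the device names, status labels and sample inventory are constructed, and it assumes that major releases newer than the listed branches carry the fix.

```python
# Fixed releases per OS and major branch, taken from the advisory text.
FIXED = {
    ("iOS", 18): (18, 3, 1),
    ("iPadOS", 18): (18, 3, 1),
    ("iPadOS", 17): (17, 7, 5),
}

def parse_version(text):
    """Turn '18.3' or '17.7.5' into a 3-tuple, padding missing parts with 0."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def assess(os_name, version):
    """Return 'patched', 'update', 'no-fix-listed' or 'unknown' (hypothetical labels)."""
    majors = [major for name, major in FIXED if name == os_name]
    try:
        ver = parse_version(version)
    except ValueError:
        return "unknown"          # malformed version string: needs manual review
    if not majors:
        return "unknown"          # OS family not covered by this advisory
    fix = FIXED.get((os_name, ver[0]))
    if fix is not None:
        return "patched" if ver >= fix else "update"
    # Assumption: major releases newer than any listed branch carry the fix.
    # Older branches have no fixed release named in the advisory.
    return "patched" if ver[0] > max(majors) else "no-fix-listed"

def triage(inventory):
    """Map each device name to its status."""
    return {device: assess(os_name, version) for device, os_name, version in inventory}

# Constructed sample inventory (device names are hypothetical).
INVENTORY = [
    ("exec-phone", "iOS", "18.3"),
    ("lab-ipad", "iPadOS", "17.7.5"),
    ("kiosk-ipad", "iPadOS", "17.7.4"),
    ("old-phone", "iOS", "17.7.2"),
    ("new-phone", "iOS", "18.4"),
    ("mystery", "iPadOS", "18.3.1 (a)"),
]

if __name__ == "__main__":
    for device, status in triage(INVENTORY).items():
        print(f"{device:12} {status}")
```

Devices reported as `update` or `no-fix-listed` are the ones to prioritise, since the flaw requires physical access to a locked device.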

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 0.0
threat: 8.9
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.