Make Sure to Update: iOS 18.3.1 Includes Fix for Actively Exploited Vulnerability

[MacRumors]

The iOS 18.3.1 and iPadOS 18.3.1 updates that Apple released today include an important security fix, and it's important to install the new software as soon as possible because this bug was exploited in the wild.

According to Apple's security support document for iOS 18.3.1 and iPadOS 18.3.1, it addresses an accessibility vulnerability that could disable USB Restricted Mode on a locked device.

Exploiting this vulnerability requires physical access to a device, and Apple says that it was used against specific individuals.

Impact: A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

The vulnerability was fixed with improved state management, according to Apple. Note that Apple has also released iPadOS 17.7.5 with the same security fix for devices that are not able to run iPadOS 18.

You will want to install iOS 18.3.1 if you have an iPhone compatible with iOS 18 in order to ensure you are protected from vulnerabilities. The same goes for iPadOS 18.3.1 or iPadOS 17.7.5 depending on which iPad you have.

Article Link: Make Sure to Update: iOS 18.3.1 Includes Fix for Actively Exploited Vulnerability

 

[WWP99]

CIA/Mossad hack.

 

[N0ughtsAndCr0sses]

Good stuff. Thanks. 🤩Native Mail app seems okay. Too early to tell but I wanted to say.

 

[Lizzard899]

Maybe they should also fix the messages bug in the message app thats been there since 18.2 thats still not fixed. The bug is where when u manually delete texts out of recently deleted folder its supposed to delete from the server end too. BUT it isn't Its suppose to take up to 4 days to delete from the server end but its not doing this. I doubt they will fix this. Ive reported it on the feedback page many times. Also theres a bug with iphone storage that was an issue in 17.5 but not for me. Its gotten better but not perfect. Then theres the icloud storage bug thats been there since ios 18.0.0 where my icloud storage doubles for no reason. Ive reported it many times on the feedback page too and still not fixed. Prob wont be fixed until a yr or so.

 

[I7guy]

Thanks MR for reporting this. Update in progress.

 

[DBZmusicboy01]

iOS 18 has been the worst iOS in history when it comes to safety and stability/performance.

 

[Lizzard899]

iOS 18 has been the worst iOS in history when it comes to safety and stability/performance.

Agreed, it messed up my icloud storage too for no reason. My icloud storage doubled for no reason, when I dont even have the ai features. Its taking up storage thats not even on my phone. Ive reported it on the feedback page many times but they havent fixed it.

 

[FredTX92]

No fix for the 15 Pro Bluetooth yet?

 

[awer25]

iOS 18 has been the worst iOS in history when it comes to safety and stability/performance.

I imagine that as the software gets more complex over time and technology improves, the number of ways to break through security will increase.

 

[Jashar7]

The iOS 18.3.1 and iPadOS 18.3.1 updates that Apple released today include an important security fix, and it's important to install the new software as soon as possible because this bug was exploited in the wild.

According to Apple's security support document for iOS 18.3.1 and iPadOS 18.3.1, it addresses an accessibility vulnerability that could disable USB Restricted Mode on a locked device.

Exploiting this vulnerability requires physical access to a device, and Apple says that it was used against specific individuals.

The vulnerability was fixed with improved state management, according to Apple. Note that Apple has also released iPadOS 17.7.5 with the same security fix for devices that are not able to run iPadOS 18.

You will want to install iOS 18.3.1 if you have an iPhone compatible with iOS 18 in order to ensure you are protected from vulnerabilities. The same goes for iPadOS 18.3.1 or iPadOS 17.7.5 depending on which iPad you have.

Article Link: Make Sure to Update: iOS 18.3.1 Includes Fix for Actively Exploited Vulnerability

Don’t care iOS 18.3 has the best battery life I ver experienced in a while also it’s super smooth, I ain’t updating and ruining my phone 👍

 

[robvalentine]

I imagine that as the software gets more complex over time and technology improves, the number of ways to break through security will increase.

Yep more features = more attack vectors.

 

[Capeto]

I know Apple doesn't provide the specific details for security reasons, but I'm really curious about this specific attack vector and how they learned it was being exploited... definitely seems like something intelligence/law enforcement agencies were abusing.

 

[Hassan69]

Hi, just updated and not able to unlock my phone as thouch screen is not responding and I can't switch it off either.

 

[scrapesleon]

So when are they gonna fix u know the actual bugs in the iOS like the emoji keyboard that keeps on constantly lagging

 

[victorvictoria]

I kinda miss the old days when Apple's market share was so small that no one bothered to look for exploits.

 

[cwerdna]

Indeed. Wouldn't be surprised if https://www.macrumors.com/2024/11/19/graykey-ios-18-partial-unlock/ or Cellebrite was also taking advantage of this...

 

[StuBeck]

I'm gonna wait and just keep my device on me until we confirm there aren't any other issues caused by 18.3.1.

 

[thefrost]

Well that's good to know I guess.

 

[jasonsmith_88]

Weird how iPadOS 17 contains this vulnerability, but iOS 17 doesn’t.

In any case, glad I never updated to 18. Worst iOS in a long time.

 

[segfaultdotorg]

Bill Gates is going to sue them for not releasing this on Patch Tuesday(TM)!

 

[locovaca]

Make sure you re-disable Apple Intelligence after this too… automtically switches back on.

 

[I7guy]

Weird how iPadOS 17 contains this vulnerability, but iOS 17 doesn’t.

In any case, glad I never updated to 18. Worst iOS in a long time.

No it’s not. I find it pretty good, battery life is good and I like aspects of apple intelligence.

 

[ifxf]

I know Apple doesn't provide the specific details for security reasons, but I'm really curious about this specific attack vector and how they learned it was being exploited... definitely seems like something intelligence/law enforcement agencies were abusing.

Found by an external researcher, so I assume the researcher will release details after the patch is released.

 

[eifelbube]

Maybe they should also fix the messages bug in the message app thats been there since 18.2 thats still not fixed. The bug is where when u manually delete texts out of recently deleted folder its supposed to delete from the server end too. BUT it isn't Its suppose to take up to 4 days to delete from the server end but its not doing this. I doubt they will fix this. Ive reported it on the feedback page many times. Also theres a bug with iphone storage that was an issue in 17.5 but not for me. Its gotten better but not perfect. Then theres the icloud storage bug thats been there since ios 18.0.0 where my icloud storage doubles for no reason. Ive reported it many times on the feedback page too and still not fixed. Prob wont be fixed until a yr or so.

What about the missing apostrophe bug? Have you reported it?

 

[Saturn007]

Is Apple trying to force more of us to upgrade our devices to 18?! 😀

Why isn’t the 17.7.5 available to anyone on iPadOS 17 who wants the security fix without updating their device to iPadOS 18.3.1?

“Note that Apple has also released iPadOS 17.7.5 with the same security fix for devices that are not able to run iPadOS 18.”​

​

My iPad 9 is on 17.7.2 and I certainly don't see an option to upgrade to 17.7.5!

P.S. A tangent, I know, but related… We should always have the right to roll back any device to the previous version — or even to the original — at any time, if we, the customers, want to. Must be some EU statute that could apply!