Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.


The iOS 18.3.1 and iPadOS 18.3.1 updates that Apple released today include an important security fix, and it's important to install the new software as soon as possible because this bug was exploited in the wild.

bug-security-vulnerability-issue-fix-larry.jpg

According to Apple's security support document for iOS 18.3.1 and iPadOS 18.3.1, it addresses an accessibility vulnerability that could disable USB Restricted Mode on a locked device.

Exploiting this vulnerability requires physical access to a device, and Apple says that it was used against specific individuals.

The vulnerability was fixed with improved state management, according to Apple. Note that Apple has also released iPadOS 17.7.5 with the same security fix for devices that are not able to run iPadOS 18.

You will want to install iOS 18.3.1 if you have an iPhone compatible with iOS 18 in order to ensure you are protected from vulnerabilities. The same goes for iPadOS 18.3.1 or iPadOS 17.7.5 depending on which iPad you have.

Article Link: Make Sure to Update: iOS 18.3.1 Includes Fix for Actively Exploited Vulnerability
This is like airport USB outlets?
 
  • Like
Reactions: Crowbot
Make sure you re-disable Apple Intelligence after this too… automtically switches back on.
Yes this p*ssed me off. I have been scrupulous about not enabling and then DISabling Apple Intelligence when they forced it ON with .3. Then a x.x.1 update overrides all that and tries to enable it again. I have tried to make it clear I do NOT want that sh*t on my systems.
 
Yes this p*ssed me off. I have been scrupulous about not enabling and then DISabling Apple Intelligence when they forced it ON with .3. Then a x.x.1 update overrides all that and tries to enable it again. I have tried to make it clear I do NOT want that sh*t on my systems.
They're already doing this with iCloud features. I have to quickly go in to iCloud settings to disable all the options I don't want (which is almost everything) after every update. Leave it on for too long and data gets sent and it gets messy when turning it off afterwards
 
I wonder if this exploit exist in the original iOS 18.0 (22A3351) that shipped with iphone 16s?
 
Exploiting this vulnerability requires physical access to a device, and Apple says that it was used against specific individuals.

If the person needs your device unlocked to perform this why are you giving such a person your phone? Everyone I know that is around my phone is a friend. I don’t leave it around for strangers to mess with it


James
 
  • Like
Reactions: DianaofThemiscyra
Having to micro manage settings after every update is a great user experience /sarcasm
No matter what the setting is in today’s day and age the settings give one options. This post is a perfect example of why “apple can’t win” in forums such as MR. People complain if it’s off and have to turn it in or people complain if it’s on or have to turn it off. And the. People complain if the option doesn’t exist. People just complain as if it changes apples mind.

Thanks for pointing this out. /sarcasm
 
No matter what the setting is in today’s day and age the settings give one options. This post is a perfect example of why “apple can’t win” in forums such as MR. People complain if it’s off and have to turn it in or people complain if it’s on or have to turn it off. And the. People complain if the option doesn’t exist. People just complain as if it changes apples mind.

Thanks for pointing this out. /sarcasm
Having the option is nice but means nothing when apple ignores it and changes it behind your back. In case you don't know Tim is re-enabling apple AI after you turn it off.
 
Just checked and I'm not missing any apostrophe's. All are precisely where they should be. What bug are you talking about and how many people have noticed it?
I've got a feeling there's some you missed. That's ok, it's not a big deal =)
 
No matter what the setting is in today’s day and age the settings give one options. This post is a perfect example of why “apple can’t win” in forums such as MR. People complain if it’s off and have to turn it in or people complain if it’s on or have to turn it off. And the. People complain if the option doesn’t exist. People just complain as if it changes apples mind.

Thanks for pointing this out. /sarcasm
Why can't it stay the way the user set it?
 
And if you think you didn’t delete it and try again

Surprise 🎉😈🤣🤣

You delete other messages/emails

It happened to me

I had to go into the bin to recall them ffs 🤣🤣
 
  • Like
Reactions: Lizzard899
Is Apple trying to force more of us to upgrade our devices to 18?! 😀

Why isn’t the 17.7.5 available to anyone on iPadOS 17 who wants the security fix without updating their device to iPadOS 18.3.1?

“Note that Apple has also released iPadOS 17.7.5 with the same security fix for devices that are not able to run iPadOS 18.”​
My iPad 9 is on 17.7.2 and I certainly don't see an option to upgrade to 17.7.5!

P.S. A tangent, I know, but related… We should always have the right to roll back any device to the previous version — or even to the original — at any time, if we, the customers, want to. Must be some EU statute that could apply!
It seems obvious to me that Apple is trying to force the upgrade to iOS/iPadOS. I agree completely with Saturn007: to have known vulnerabilities fixed with 17.7.5, but not make them available to those of us who, for whatever reason, don’t want to upgrade (yet) to 18 doesn't seem in line with Apple’s traditional concern about security.

I think my strategy (and I’m not a power user whose business or profession might be impacted by the security risks) will be to wait for the last 18.3.x release, or maybe the last 18.4.x before upgrading. I’ve had enough headaches with iOS and iPadOS 17. Why incur more problems with what some users are saying is a really bad version 18, when I don’t even want or need any of the new features it provides.

Comments?
 
I see were back to apps like Weather prompting for Location indefinitely, again.
 
Given this is a physical access attack, does this protect against grey key or what ever it is law enforcement use? For now anyway
 
It seems obvious to me that Apple is trying to force the upgrade to iOS/iPadOS. I agree completely with Saturn007: to have known vulnerabilities fixed with 17.7.5, but not make them available to those of us who, for whatever reason, don’t want to upgrade (yet) to 18 doesn't seem in line with Apple’s traditional concern about security.

I think my strategy (and I’m not a power user whose business or profession might be impacted by the security risks) will be to wait for the last 18.3.x release, or maybe the last 18.4.x before upgrading. I’ve had enough headaches with iOS and iPadOS 17. Why incur more problems with what some users are saying is a really bad version 18, when I don’t even want or need any of the new features it provides.

Comments?
18 has been fine for me. Other than usual rubbish iOS keyboard
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.