niftycent.com
NiftyCent
SK
Prihlásiť sa
Marketplace
Zľavy

Apple patches iPhone exploit that allowed for ‘extremely sophisticated' attack

A new iPhone update patches a flaw that could allow an attacker to turn off a nearly seven-year-old USB security feature. Apple’s release notes for iOS 18.3.1 and iPadOS 18.3.1 say the bug, which allowed the deactivation of USB Restricted Mode, “may have been exploited in an extremely sophisticated attack against specific targeted individuals.”

The release notes describe the now-patched security flaw as allowing “a physical attack,” which suggests the attacker needed the device in hand to exploit it. So, unless your device was hijacked by “extremely sophisticated” attackers, there was nothing to panic about even before Monday’s update.

USB Restricted Mode, introduced in iOS 11.4.1, prevents USB accessories from accessing your device’s data if it hasn’t been unlocked for an hour. The idea is to protect your iPhone or iPad from law enforcement devices like Cellebrite and Graykey. It’s also the reason for the message asking you to unlock your device before connecting it to a Mac or Windows PC.

Aligned with its typical policy, Apple didn’t detail who or what entity used the attack in the wild, only noting that the company is “aware of a report that this issue may have been exploited.” Security researcher Bill Marczak of the University of Toronto’s Citizen Lab reported the flaw. In 2016, while in grad school, he discovered the iPhone’s first known zero-day remote jailbreak, which a cyberwarfare company sold to governments.

You can make sure USB Restricted Mode is activated by heading to Settings > Face ID (or Touch ID) & Passcode. Scroll down to “Accessories” in the list and ensure the toggle is off, which it is by default. Somewhat confusingly, toggling the setting off means the security feature is on because it lists features with allowed access.

As usual, you can install the update by heading to Settings > General > Software Update on your iPhone or iPad.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/apple-patches-iphone-exploit-that-allowed-for-extremely-sophisticated-attack-214237852.html?src=rss https://www.engadget.com/cybersecurity/apple-patches-iphone-exploit-that-allowed-for-extremely-sophisticated-attack-214237852.html?src=rss
Vytvorené 14d | 10. 2. 2025, 22:50:28


Ak chcete pridať komentár, prihláste sa

Ostatné príspevky v tejto skupine

Disney+ just dropped an explosive trailer for Andor season 2
Disney+ just dropped an explosive trailer for Andor season 2

It’s been well over two years, but the wait is almost over. The second season of Andor hits Disney+ on April 22. The platform

24. 2. 2025, 20:40:26 | Engadget
Gmail will stop using SMS for two-factor authentication
Gmail will stop using SMS for two-factor authentication

Google is planning to end support for SMS-based two-factor authentication in Gmail,

24. 2. 2025, 20:40:25 | Engadget
Balatro is about to hook a lot more players now that it's on Game Pass
Balatro is about to hook a lot more players now that it's on Game Pass
24. 2. 2025, 20:40:24 | Engadget
How to follow the Amazon devices event on February 26
How to follow the Amazon devices event on February 26

It's sort of out of character for Amazon to be hosting

24. 2. 2025, 20:40:22 | Engadget
Here's how to get MagSafe charging on an iPhone 16e
Here's how to get MagSafe charging on an iPhone 16e

The Apple iPhone 16e looks like a solid

24. 2. 2025, 20:40:21 | Engadget
Anthropic’s new Claude model can think both fast and slow
Anthropic’s new Claude model can think both fast and slow

Another week, and there's another new AI model ready for public use. This time, it's Anthropic with the introduction of

24. 2. 2025, 20:40:20 | Engadget
The Apple Pencil Pro is back on sale for $99
The Apple Pencil Pro is back on sale for $99

Apple’s fantastic stylus, the Pencil Pro, is on sale

24. 2. 2025, 18:30:26 | Engadget
Techie
Techie