Apple releases security updates to prevent hacking tools for passcodes on iPhone.

Apple has released updates for iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 today to address a zero-day exploit that could allow attackers to access data on locked devices. This update fixes a vulnerability affecting the USB Restricted Mode, a feature implemented by Apple since iOS 11.4.1 in 2018, designed to prevent attempts to bypass device passcodes and ensure user information protection.

Reports indicate that the vulnerability was pointed out by Bill Marczak of Citizen Lab, who noted that it could have been used in an extremely sophisticated attack targeting specific individuals. Apple has patched USB Restricted Mode issues in the past, and with the release of iOS 18, it introduced a new "idle reset" feature that powers off unused devices after a few days to require a passcode for access.

In addition to these updates, new versions were also released today for platforms such as Mac, Apple Watch, and Vision Pro, although security notes related to these have not yet been published.

Details on the new update:

• iOS 18.3.1 and iPadOS 18.3.1
• Release Date: February 10, 2025
• Compatibility: Available for iPhone XS and later models, 13-inch iPad Pro, 12.9-inch iPad Pro (3rd generation and later), 11-inch iPad Pro (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later).
• Impact: A physical attack could disable USB Restricted Mode on a locked device. Apple has acknowledged a report suggesting that this issue may have been exploited in a sophisticated attack against specific individuals.
• Description: An authorization issue has been addressed with improved state management.