On Monday, Apple issued updates for its mobile functioning systems for iOS and iPado, which arranged a flaw that the company said “may have been used in an extremely sophisticated attack against specific specific individuals.”
In IOS release notes 18.3.1 and IPado 18.3.1, the company said that weakness allowed the disability of limited USB mode in a closed device “. Submitted in 2018, the limited USB mode is a security feature that blocks the ability for an iPhone or iPad to send data on a USB connection if the device is not unlocked for seven days. Last year, Apple issued another safety feature that you rekindle the equipment if they are not unlocked for 72 hours, making it more difficult for law enforcement or criminals using forens to access data on those devices .
Based on his language used in his security update, Apple hints that attacks most likely were carried out with physical control of a person’s equipment, meaning that anyone who abused this flaw had to be connected to the equipment Apple of the person with a forensic device like Cellebrite or Graykey, two systems that allow law enforcement to unlock and access data stored on iPhones and other devices.
The weakness was discovered by Bill Marczak, a senior researcher at Citizen Lab, a group of the University of Toronto who investigates online attacks against civil society.
Contact us
Do you have more information about this flaw, or the iphone zero-day and online attacks? From a job without work, you can contact Lorenzo Franceschi-Bicchierai safely on the signal at +1 917 257 1382, or through the telegram and keybase @lorenzofb, or email. You can also contact techcrunch via securedrop.
Apple did not respond to a comment request with press time.
Marczak told Techcrunch that he could not comment on the record at this point.
It is unclear at this point that was responsible for the abuse of this flaw, and against whom it was used. But there have been documented cases in the past where law enforcement agencies have used forensic tools, which usually abuse so-called zero-days in devices like iPhone, unlock equipment and access data inside.
In December 2024, Amnesty International issued a report documenting a series of attacks by Serbian authorities where they used Cellebrite to unlock the phones of activists and journalists in the country, and then install malware on them.
Security researchers said Cellebrite forensic equipment is likely to be used “widely” for individuals in civil society, according to amnesty.
