Apple has released a fresh software update for iPhones and iPads to plug a critical flaw that could allow bad actors to extract data even from a locked device. The company says if granted physical access, an attacker could break past the safety of USB Restricted Mode on the target iPhone or iPad.The aforementioned guardrail prevents USB accessories from pulling data from an iPhone that has been sitting in a locked state for over an hour. It seems there was an authorization flaw within Apples Accessibility framework that could allow an attacker to disable the USB Restricted Mode safety net.Recommended VideosUpdate your iPhones.. again, says Bill Marxzak, the security expert who discovered the vulnerability, which Apple confirms to have been exploited. The iOS 18.3.1 and iPadOS 18.3.1 updates are now rolling out globally, and you can install them by following this path: Settings > General > Software update.Please enable Javascript to view this contentThe vulnerability was reported by an expert hailing from Citizen Lab at The University of Torontos Munk School. And it seems the weakness has been exploited in the wild, but the specific details have not been revealed in typical Apple fashion.Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals, Apple says in its release notes. Following is a list of devices that are eligible for the update:iPhone XS and lateriPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and lateriPad Air 3rd generation and lateriPad 7th generation and lateriPad mini 5th generation and laterUpdate your iPhones.. again! iOS 18.3.1 out today with a fix for an ITW USB restricted mode bypass (via Accessibility) https://t.co/jcrsab7RGu pic.twitter.com/ER42QQcsLj Bill Marczak (@billmarczak) February 10, 2025Apple introduced USB Restricted Mode roughly seven years ago. This feature fundamentally blocks an external USB device from establishing a data connection with an iPhone. It also serves as a crucial line of defense against devices such as those offered by Cellebrite, which are often used by law enforcement agencies to brute-force their way into a locked iPhone and extract data.In November, Apple strengthened the safety guardrails with an inactivity reboot system that was quietly introduced with the iOS 18.1 update. Essentially, it assesses the inactivity status of a device by inserting an automatic reboot protocol for iPhones that have not been unlocked in a while.That rebooting is the key to the security magic. As soon as in iPhone restarts, it enters a Before First Unlock (BFU) state, which encrypts files stored on the device. Only after the device is unlocked, a decryption key is generated, which eventually allows access to the local data.Even Cellebrite, which has long been a favorite of law enforcement agencies for cracking open locked devices, warns investigators that if they seize a device, they should keep it powered on so that meaningful data extraction is possible.Editors Recommendations