Apple's security patch highlights the growing security threat
www.computerworld.com
Apple's platforms may be more secure by design than others, but that doesn't make them invulnerable to attack. That's why every user should install the company's latest security patch: it fixes a hole Apple says may already have been in active use.

It is important to note that the attack seems to be one that requires direct, physical access to the target device. But iPhones, Macs, and iPads all seem to be vulnerable.

Update your devices today

The language used in the company's description of the patch (CVE-2025-24085) is notably more urgent than usual. Introducing it, Apple states: "A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals."

Adam Boynton, senior security strategy manager at Jamf, has said the flaw could potentially let attackers gain full admin access to a hacked device.

The indications are that this vulnerability formed part of highly targeted attacks. It is also important to note that Apple has published software patches to protect against this vulnerability for several older Mac operating systems, including macOS Sequoia, Sonoma, and Ventura. Patches for older iPads, Apple Watch and Vision OS devices were also made available.

Was this a state actor?

The description strongly hints the vulnerability may have been actively used in major attacks to sidestep USB-based attacks, enabling unauthorized USB devices to be used to exfiltrate user data. So does the discoverer of the flaw, Bill Marczak of The Citizen Lab at The University of Toronto's Munk School.

What makes this feel a little worse is that Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.

While additional information is not provided (Apple likes to limit what it reveals so assailants are kept in the dark as to how it deploys improved protection), it is reasonable to see this as a big red flag reflecting the current threat environment.

Look at recent security scares across multiple platforms and it becomes clear that nation-state attacks are intensifying, that surveillance-as-a-service firms continue to be a near and present threat, and ill-thought-through moves by some governments will eventually make things even more insecure.

No one is secure until everyone is secure

Take the power-crazed authoritarianism of the recent UK government move to demand Apple open up the iCloud data of billions to surveillance by UK authorities. Other than the color of the national flag, there is no difference between the potential abuse of the back door the UK now demands from Apple and the US-mandated door recently exploited by allegedly Chinese terrorists. As almost every security expert universally agrees, there is no such thing as a safe back door. The keys will proliferate, the cost of mounting attacks shrink, and eventually there is no security left at all.

That's what seems to be important about Apple's latest update; it seems designed to put a stop to at least one attack vector that could be exploited by sophisticated attackers. That's why the company referred to an "extremely sophisticated attack against specific targeted individuals."

The threat against individuals also deserves to be contextualized. Nation-state attackers are increasingly targeting operational infrastructure (OT) and in those exploits individual security becomes a link in complex, planned excursions to penetrate trusted, vital systems. That's everything from road transport management to smart factories. An individual might not be the final target, but their security (or lack of it) is a link in a chain of attacks to undermine OT security.

In other words, by making individuals less safe, weak security makes everything else less safe, including nations, economies, manufacturing, transit systems and more.

Protecting those assets is in every nation's interest, which is why Apple has pushed out this patch, why you should install it, and why any nation plotting to weaken security for any reason should think more than twice before doing so. There is no such thing as a safe back door and no one using confidential data should ever use a public USB charging system, just in case there's a monster within.

In the meantime, install Apple security updates as they appear. Just because you don't happen to be a high-value target doesn't mean you have not been identified as part of a potential route to attack one.

You can follow me on social media! Join me on BlueSky, LinkedIn, Mastodon, and MeWe.