Apple Releases iOS 18.3.1 | Here’s Why You Should Update Now


Apple’s release of iOS 18.3 in late January may not have had too many exciting things to offer, but it did make some improvements to Apple Intelligence and fix a nagging Calculator app bug. Today, Apple has pushed out iOS 18.3.1, and while there’s nothing here in the way of user-facing features, there’s at least one compelling reason why you won’t want to skip this update.

The primary release notes for iOS 18.3.1 list little more than the usual “important bug fixes and security updates” while adding that it’s recommended for all users. However, like most “sub-point” releases, there’s more to these security issues than meets the eye.


Specifically, Apple’s security release notes for iOS 18.3.1 (and iPadOS 18.3.1) list a fix for a single security flaw related to Accessibility. However, don’t let that fool you, as that only indicates which part of the code the flaw was found in. The issue is potentially much more serious, and it may have already been exploited.

A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

USB Restricted Mode is a feature that was added in iOS 11.4 nearly six years ago with the goal of blocking iPhone hacking tools. In its initial form, it kicked in to block data transfer through the iPhone’s Lightning port when the device hadn’t been unlocked in more than seven days. Apple significantly improved the feature with iOS 12 the following year by reducing that timeout to one hour.

Apple created USB Restricted Mode in response to forensic hacking tools like the GrayKey box. Most commonly used by law enforcement, GrayKey and other similar tools work by physically connecting to the Lightning or USB-C port on the iPhone; USB Restricted Mode blocks them by effectively disabling that port for anything but charging.

The issue has become so problematic that specialized law enforcement agents will carry around a “delay dongle” to prevent the one-hour timer from expiring before they can reach the lab and get the device plugged in for forensic analysis.

Sadly, it sounds like a flaw in the Accessibility framework in iOS 18.3 has just given investigators and hackers a bonus gift. While Apple doesn’t go into any detail on the mechanics of how this works, the iOS 18.3.1 notes say that it was released to fix an “authorization issue” that Apple “addressed with improved state management.”

To be clear, this isn’t as serious a vulnerability as some of the others that have been actively exploited — as long as you hang onto your iPhone, that is. Physical access is required to disable USB Restricted Mode, but that’s irrelevant as this security feature only defends against physical access in the first place. There’s nothing here that a remote attacker can accomplish.

However, if your iPhone is stolen and it falls into the hands of a hacker with the right skills or tools, this iOS 18.3 vulnerability could potentially allow them to access at least some of your personal information. While not every iPhone theft ring is capable of such things, there are more incentives than ever to gain access to locked iPhones now that Apple has expanded its Activation Lock to include parts.

Activation Lock has been around for over a decade, so most thieves have given up on stealing iPhones for direct resale; organized theft rings know they’re stealing a brick. However, there’s still enough of a market for the parts inside the iPhone to make it worth the effort of small-time crooks to pickpocket and snatch and grab phones to sell them up the line.

Eventually, stolen iPhones end up in the hands of larger crime groups that may try to “social engineer” the original owner to unlock the iPhone (a common scam is removing the SIM card and then texting the original owner to get them to remove it from Find My), but if that fails, it just gets taken apart and the displays, batteries, and camera modules go onto the black market as parts that end up in less reputable repair shops.

With the iPhone 15 and newer models, the most valuable components in an iPhone now share the Activation Lock of the device they came from. A display or battery from a locked iPhone 15 can never be used in another iPhone. Once that catches on, the market for stolen iPhones will dry up again, hopefully leading to a reduction in thefts as it did when Activation Lock first debuted in iOS 7. However, until then, there are piles of stolen iPhone 15 and iPhone 16 units in the hands of criminals who will be looking for the best way to bypass these Activation Locks so they can benefit from their ill-gotten gains.
