Photo: Digital Trends

Apple has released iOS 18.3.1 and iPadOS 18.3.1 to patch a critical security flaw that could allow attackers to steal data from locked iPhones and iPads.

The vulnerability, discovered by security expert Bill Marxzak and reported by Citizen Lab at the University of Toronto, bypasses the USB Restricted Mode, a security feature designed to prevent data extraction from locked devices. Apple confirms the vulnerability has been exploited in the wild, though details of the attacks remain undisclosed.

The flaw resided within Apple's Accessibility framework, allowing attackers with physical access to disable USB Restricted Mode. This mode normally blocks USB accessories from accessing data on locked devices after an hour of inactivity.

The update is crucial for all eligible devices, including iPhone XS and later, iPad Pro models, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later. Users are urged to update immediately by navigating to Settings > General > Software Update.

SOURCE