
Apple warns 'extremely sophisticated attack' may be targeting iThings

Cupertino mostly uses bland language when talking security, so this sounds nasty

Apple has warned that some iPhones and iPads may have been targeted by an “extremely sophisticated attack” and has posted patches that hopefully prevent it.

The patches fix a flaw in USB Restricted Mode, a feature Apple introduced in 2018 that cuts off data transfer over the Lightning or USB-C port on iPhones and iPads once they have been locked for more than an hour (charging still works). Apple blocks the data connection to defeat attacks that rely on plugging a cable into a locked device. Once a user authenticates and unlocks the device, the port comes back to life.

Now it appears such attacks remain a possibility, as Apple on Monday issued the following advice:

A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

That’s unusually vivid language for an Apple advisory, as Cupertino usually uses terms like "may have been actively exploited" to describe flaws it feels may have been targeted by attackers.

The National Institute of Standards and Technology’s assessment of the flaw describes it as “An authorization issue [that] was addressed with improved state management.”

Whatever the nature of the bug, Apple has fixed it in iOS 18.3.1, iPadOS 18.3.1 and iPadOS 17.7.5. The updates are available for the iPhone XS and later, and plenty of iPad Pro, iPad Air, iPad mini, and vanilla iPad models.
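For anyone who has to confirm a fleet is covered, the fixed builds above split across two iPadOS branches, so a naive "is it 18.3.1 yet" check misses iPads kept on 17.x. The following is an added example written for this article, not code from Apple or The Register; it assumes an inventory of (device, platform, version) triples such as an MDM export would give, treats an iPhone still on 17.x as unpatched because the advisory lists no iOS 17 fix, and assumes any major release newer than those listed carries the fix forward. The inventory rows are constructed for illustration.

```python
from __future__ import annotations

# Fixed builds named in the article: iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5.
# Branches absent from this table have no listed fix.
FIXED_VERSIONS: dict[str, dict[int, tuple[int, int, int]]] = {
    "iOS": {18: (18, 3, 1)},
    "iPadOS": {18: (18, 3, 1), 17: (17, 7, 5)},
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '18.3.1' or '18.3' into a comparable tuple padded to three parts."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    padded = parts + (0,) * (3 - len(parts))
    return padded[0], padded[1], padded[2]


def is_patched(platform: str, version: str) -> bool:
    """True when `version` is at or above the fixed build on its major branch.

    A major branch with no listed fix (e.g. iOS 17 on an iPhone that could run 18)
    is reported as unpatched: the device has to move to a branch that carries the fix.
    Majors newer than any listed are assumed (an assumption, not from the advisory)
    to include the fix.
    """
    v = parse_version(version)
    branches = FIXED_VERSIONS.get(platform)
    if branches is None:
        raise ValueError(f"unknown platform: {platform!r}")
    fixed = branches.get(v[0])
    if fixed is None:
        return v[0] > max(branches)
    return v >= fixed


def unpatched_devices(inventory: list[tuple[str, str, str]]) -> list[str]:
    """Return the names of devices still exposed to the USB Restricted Mode bypass."""
    return [name for name, platform, version in inventory
            if not is_patched(platform, version)]


# Constructed sample inventory, not real device data.
SAMPLE_INVENTORY = [
    ("ceo-iphone", "iOS", "18.3.1"),
    ("legal-ipad", "iPadOS", "17.7.4"),
    ("field-ipad", "iPadOS", "17.7.5"),
    ("dev-iphone", "iOS", "18.3"),
    ("old-iphone", "iOS", "17.7.2"),
    ("new-iphone", "iOS", "18.4"),
]

if __name__ == "__main__":
    for name in unpatched_devices(SAMPLE_INVENTORY):
        print(f"{name}: still exposed, update to a fixed build")
```

The per-branch table is the point: 17.7.5 is "older" than 18.3.0 as a number but is patched, while 18.3.0 is not, so compare against the floor of the device's own major branch rather than a single global version.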

Apple’s mobile devices have been compromised with physical attacks before, sometimes using commercial tools from Israeli outfit Cellebrite which promotes its wares as helping law enforcement agencies to speed investigations.

For nearly a decade, Cellebrite has helped to open locked devices so they can be used in evidence. The company is very good: after last year's attempted assassination of now-President Trump, Cellebrite managed to crack the shooter's Android phone in 40 minutes.

Apple makes much of its privacy and security features, but also promotes itself as a good corporate citizen that’s as keen as anyone to crack down on crime. That makes its relationship with vendors like Cellebrite delicate. We asked Apple for details and haven’t received a response at the time of publication.

The flaw fixed by today’s patches was spotted by Bill Marczak, a senior researcher at the Citizen Lab, run within the University of Toronto. "Update your iPhones.. again! iOS 18.3.1 out today with a fix for an ITW [in the wild] USB restricted mode bypass," he warned. ®
