Apple has published iOS 18.3.1, an emergency correction that solves a single security problem that is already … (+)
Update, February 12, 2025: This story, initially published on February 11. Now includes an analysis of additional experts on the iOS 18.3.1 corrected by default, other published updates and information on an Apple Intelligence bug which could have been introduced.
Apple has published iOS 18.3.1, as well as a warning to update your iPhone now. This is because iOS 18.3.1 is an emergency corrective that solves a single security problem that is already used in real life attacks.
Apple does not give much details on what is corrected in iOS 18.3.1, to give users of the iPhone as much time as possible to update before more attackers can obtain details.
But what we know is that the iOS 18.3.1 update corrects a flaw in accessibility where a physical attack can deactivate the limited USB mode on a locked device. “Apple is aware of a report that this problem may have been exploited in an extremely sophisticated attack against specific targeted individuals,” said the iPhone manufacturer on his Support page.
Monitoring like CVE-2025-24200The problem corrected in iOS 18.3.1 was reported by Bill Marczak of the Citizen Lab at the Munk school of the University of Toronto.
iOS 18.3.1 – A targeted attack
As a josh long safety researcher writingApple USB restricted mode is an added safety feature in iOS 11.4.1 included in all subsequent versions of iOS and iPados. “The limited USB mode prevents locked devices from disclosing data to all accessories connected to the USB-C or Lightning port,” explains Long.
This means that for any accessory that does more than the load to work with your iPhone or iPad, the device must be unlocked when you connect it.
This helps prevent, for example, hacker tools such as Grashift Graykey from being able to enter a locked device, says a long. “Such pirate tools are mainly available for government organizations and the application of the law, but it is possible for them to fall into bad hands.”
The nature of this attack is also supported by the fact that vulnerability has been reported by Citizen Lab – an organization which is investigating digital spying against civil society.
It was clear iOS 18.3.1 arrived – The update had been disclosed last week, but no one knew what it contained. At the time, I hypothesized that he could include emergency safety fixes, and it seems that I was right. Apple only released iOS 18.3 At the end of January, again illustrating the emergency nature of this iPhone upgrade.
iOS 18.3.1 Apple Intelligence “Bug”
One thing to note on iOS 18.3.1 is that it apparently removes the default Apple Intelligence, even if you deactivated it when updating to iOS 18.3, according to a report on the site focused on Apple Apple 9TO5MAC.
There are many reasons why you may not immediately want Apple Intelligence and especially by default. One of them is confidentiality, since AI collects a lot of data on you. Admittedly, Apple has a particular emphasis on confidentiality and its AI is as secure as possible because it performs the requests it can on the device with other sent to its own calculation of private cloud.
When Chatgpt is integrated into SIRI via Apple’s partnership with OPENAI, the iPhone manufacturer will ask before sending data to the company. However, it is important to note that if you authorize your data to be sent to Chatgpt, the less strict Privacy Policy of Openai applies.
The developer Jeff Johnson was one of the first to discover the iOS 18.3.1 bug, which also has an impact on MacOS 15.3.1 without the usual jump option for the moment. He underlines that the security researcher Will Dormann had the same problem on iOS.
The problem is not huge, so it is likely that Apple will await its next series of updates to repair it. For the moment, once you have passed to iOS 18.3.1, access your iPhone settings> Apple Intelligence & Siri and Toggle Apple Intelligence.
Apart from the BUG of the Opt-in of Apple Intelligence intelligence, people say that iOS 18.3.1 works well on their iPhones. In fact, the performances are “excellent”, according to posters on Reddit, which have noticed an improvement compared to iOS 18.3.
I updated to iOS 18.3.1 as soon as it arrived on my iPhone 16 pro and I had no problem far. In fact, I dare to say it, my iPhone works quite well.
Other updates published alongside iOS 18.3.1
Alongside iOS and iPad OS 18.3.1 and iPados 17.7.5 Apple has published a certain number of updates for other devices: MacOS Sequoia 15.3.1, MacOS Sonoma 14.7.4, MacOS Ventura 13.7.4, Watchos 11.3.1, Visionos 2.3.1.
But the content of these updates remains a mystery. On his assistance page, the iPhone manufacturer indicates that each upgrade “did not publish the CVE inputs.”
This despite the fact that the company generated generic that other updates provide “important security fixes” and are “recommended for all users”, the security researcher underlines Josh Long.
Apple attributes CVE numbers to most of the vulnerabilities of its products to help researchers and IT administrators to explain if a specific vulnerability exists on several products, he says.
“So, if this series of updates does not deal with vulnerabilities to CVE number, why does Apple say that updates contain significant security fixes? Perhaps Apple tackled other security problems-which Apple has deemed it too insignificant to justify the attribution of a CVE, “he suggests.
Or, perhaps more likely, Apple has just copied and stuck the text of Passe-Partout, but has not really made safety improvements, he said. “If something else had changed, we could expect that additional recognition note in its IOS and iPados security version notes. Due to the common points between the code base of each operating system, the absence of this section of the iOS and iPados safety notes seems to involve a copy-paste work in the general version notes for each Mac, Apple Apple Watch and Apple Vision Pro of this week updates to the operating system. »»
Long also underlines that during the IOS 18.3.1 emission, Apple did not patche TVOS and HomePod Software Audios.
Apple only accepts the latest macOS version, currently, MacOS Sequoia, explains Long. “The older macOS versions only obtain a subset of these fixes and remain vulnerable. Therefore, staying on the latest macOS version is extremely important to maintain your security and your privacy, ”he advises.
It is wise to save before updating, said a lot. “Whenever you prepare to update MacOS, iOS or iPados, it’s a good idea to always save your data before installing updates. This gives you a restoration point if something does not go as planned. »»
Why should you update now to iOS 18.3.1
The attack set in iOS 18.3.1 was very targeted, probably affecting high -level people such as journalists, dissidents, certain companies and government representatives. If you settle in this group, update now.
Since the defect is already used in attacks, it is essential that all iOS users “immediately update iOS 18.3.1”, Adam Boynton, principal director of EMIA security strategy at Jamf
By taking advantage of this defect, an attacker could “obtain full administrative access to the aircraft, allowing them to identify the owner and execute any software on their behalf,” he warns.
However, according to Apple’s advice, it is not a vulnerability at a distance executable – which makes it more difficult to attack because you should be physically with the iPhone, says Boynton. “The attacker would probably need physical control of the user’s device to deactivate the limited USB mode on a locked device. As it is a sophisticated physical attack, it is likely to target high value individuals of great value. »»
Despite this, Boynton “strongly recommends that all users update their Apple to iOS 18.3.1 devices”.
“Keeping the devices up to date with the latest fixes is one of the most effective ways to protect themselves from attackers,” said Boynton.
IOS 18.3.1 Apple is available for the iPhone XS and later, 13 -inch iPad Pro, iPad Pro 12.9 inch 3rd generation and later, iPad Pro 11 inch 1st generation and later, iPad Air 3rd generation and Later, iPad 7th generation and later, and iPad Mini 5th generation and later. If you have one of these devices, you need to update now to protect your iPhone or iPad from attacks.
Apple published iOS 18.3.1 alongside iPados 17.7.5, but this is only available for the iPad Pro 12.9 inch 2nd generation, iPad Pro 10.5 inch and 6th generation. There is no iPhone update for older iPhones that could be because they are not affected, but as far as I know, Apple does not update iOS 17 for that which simply wants Choose to stay on the old operating system.
With the fault fixed in iOS 18.3.1 used in real attacks, it is essential that you update your iPhone now to stay safe. You know what to do. Access your settings> software update and upgrade your iPhone to iOS 18.3.1.
