Apple has released an urgent security update for iPhones and iPads, addressing a critical vulnerability that could allow attackers to bypass the USB Restricted Mode security feature on locked devices. The emergency patch, iOS 18.3.1, comes just two weeks after the release of iOS 18.3 and is available for iPhone XS and later models, as well as recent iPad Pro, iPad Air, and iPad mini devices.

According to Apple's security advisory, the vulnerability (tracked as CVE-2025-24200) could be exploited through a physical attack to disable USB Restricted Mode on a locked device. USB Restricted Mode is a crucial security feature that requires users to enter their device passcode before connecting to a computer or accessory via USB, preventing unauthorized access to user data.

"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals."— Apple Security Advisory

The vulnerability was reported by security researcher Bill Marczak from Citizen Lab, an organization known for uncovering high-profile zero-day exploits used in targeted attacks. While Apple has not provided extensive details about the exploitation, the company's characterization of the attack as "extremely sophisticated" and targeted suggests it may be linked to state-sponsored surveillance efforts.

This latest security patch continues Apple's ongoing efforts to protect users from potential threats. In 2024, the company addressed six actively exploited zero-day vulnerabilities, while 2023 saw a staggering 20 such flaws patched throughout the year. The frequency of these updates underscores the constant cat-and-mouse game between security researchers, malicious actors, and tech companies in maintaining device security.

Users are strongly advised to update their devices immediately by navigating to Settings > General > Software Update. The swift release of this patch highlights the critical nature of the vulnerability and Apple's commitment to rapidly addressing security concerns that could impact user privacy and data protection.