The emergency update fixes a critical security flaw (CVE-2025-24200), allowing attackers to bypass USB Restricted Mode on locked devices. Apple urges all users to update immediately.
Apple has rolled out an urgent update, iOS 18.3.1, to address a security flaw that has reportedly been exploited in targeted cyberattacks. The update, released on February 10, 2025, comes just two weeks after iOS 18.3 and includes critical bug fixes and security improvements.
The most significant fix in Apple iOS 18.3.1 is for a zero-day vulnerability identified as CVE-2025-24200. This authorization issue flaw allowed attackers with physical access to a locked device to disable USB Restricted Mode. The feature, introduced in iOS 11.4.1, is designed to prevent unauthorized data extraction from iPhones using digital forensic tools like Cellebrite or GrayKey.
Apple, a leading AI company, acknowledged this vulnerability, stating:
"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals."
Bill Marczak of The Citizen Lab discovered and reported the flaw at the University of Toronto’s Munk School. Apple has addressed the issue with "improved state management."
Which Devices Are Affected?
The Apple iOS 18.3.1 update is installable on all iPhones from the iPhone XS and onwards. A corresponding iPadOS 18.3.1 update is available for the various models of iPads, and Apple also released iPadOS 17.7.5 for older devices.
How to Update
To install Apple iOS 18.3.1, users should navigate to Settings > General > Software Update, then select Download and Install. The update is relatively small (676MB on an iPhone 16 Pro Max) and installs within minutes.
This emergency patch precedes the anticipated iOS 18.4 update, which is expected in April, and is rumored to introduce major improvements to Siri. However, given the security risks associated with CVE-2025-24200, Apple users are strongly advised not to wait and to install Apple iOS 18.3.1 immediately.
