Update to iOS 18.3.1 Right Now. There’s a ‘Sophisticated Attack’ Risk, Apple Says.

Well, that didn’t take long. After a fairly weighty update to iOS 18.3 two weeks ago and all the fanfare that accompanied the features contained within Apple is now pulling its hair out over an attack to which iPhone and iPad users are currently vulnerable.

“A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” Apple writes in a page detailing the security content of the iOS 18.3.1 and iPadOS 18.3.1 updates.

usb restricted mode? what’s that?

USB Restricted Mode is a security feature that prevents accessories plugged into the device from exchanging or siphoning data an hour after the device has been locked.

NordVPN has a good explainer of what it does and how it enhances security in certain situations, but it doesn’t mention that it isn’t just in use by devices with Lightning connections, which Apple has phased out. It also applies to the iPhone 15 series and newer, which use USB-C connections instead of Lightning, and newer iPads.

The vulnerability was found as part of the CVE Program’s operations (CVE-2025-24200: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School). It’s a system for rapidly publicizing and sharing information about software vulnerabilities in a publicly accessible database so that people can respond to them as quickly as possible.

As their website puts it, “The mission of the CVE Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities… the vulnerabilities are discovered, then assigned and published by organizations from around the world that have partnered with the CVE Program.”

there’s no good reason not to update

If you’ve yet to update to iOS 18.3, don’t just take the news of the vulnerability to mean that you should just not update your device at all. For one, the features in iOS 18.3 are worth snagging.

And two, the longer you wait to update any device, the more out of date your device’s operating system becomes, which typically leaves it increasingly vulnerable to hackers and malware, not to mention eventual stability and compatibility problems.

On the one hand, let’s keep this in perspective. The vulnerability Apple alludes to is for “specific targeted individuals,” rather than a massive, fishing-net-style exploitation aimed at the mass of iPhone and iPad users. Unless you’re Jason Bourne, you’re not likely to attract that sort of expert attention.

But on the other hand, why risk it? The update is free and couldn’t be easier to download. It took me just a couple of minutes to download and install this afternoon. The peace of mind alone is worth it.

Go ahead and update to iOS 18.3.1 for your iPhone, or if you’re an iPad user, iPadOS 18.3.1. You can find updates by going to Settings, then General, and then Software Update.