Reprinted from TidBITS by permission; reuse governed by Creative Commons license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary on Apple and Internet topics. For free email subscriptions and access to the entire TidBITS archive, visit http://www.tidbits.com/ iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 Block USB Restricted Mode Attack Adam Engst Apple has released[1]iOS 18.3.1, iPadOS 18.3.1, and the older[2]iPadOS 17.7.5to address a 'highly sophisticated attack' that disables USB Restricted Mode on a locked device. Apple credited Bill Marczak of The Citizen Lab at the University of Toronto with reporting the vulnerability.[3]The Citizen Labhas identified[4]numerous high-profile attacks on Apple productsover the years. [5]USB Restricted Modeis a security feature introduced in iOS 11.4.1 that safeguards data on iPhones and iPads from unauthorized access through USB connections using the USB-C or Lightning port (see '[6]USB Restricted Mode Can Block iOS Device Charging,' 6 August 2018). When enabled, USB Restricted Mode prevents USB accessories from connecting to a device that has been locked for over an hour, thereby protecting against potential exploits when a device is accessed physically while the owner is absent. While this fix is critical, given its use against 'specific targeted individuals,' likely as part of spyware like NSO Group's Pegasus, the chances of it being deployed against anyone unaware they are already in the digital crosshairs are low. In other words, while activists, journalists, and those with access to highly sensitive corporate or government information should update promptly, the rest of us should feel free to install these updates at our convenience. References 1. https://support.apple.com/en-us/122174 2. https://support.apple.com/en-us/122173 3. https://citizenlab.ca/ 4. https://tidbits.com/?s=%22Citizen%20Lab%22&sort=newest 5. https://support.apple.com/en-us/111806 6. https://tidbits.com/2018/08/06/usb-restricted-mode-can-block-ios-device-charging/ .