Discussion:
Careless Apple FINALLY patches iPhone exploit that allowed for 'extremely sophisticated' attack
Add Reply
Warren
2025-02-11 09:31:36 UTC
Reply
Permalink
A new iPhone update patches a flaw that could allow an attacker to turn
off a nearly seven-year-old USB security feature. Apple’s release notes
for iOS 18.3.1 and iPadOS 18.3.1 say the bug, which allowed the
deactivation of USB Restricted Mode, “may have been exploited in an
extremely sophisticated attack against specific targeted individuals.”

The release notes describe the now-patched security flaw as allowing “a
physical attack,” which suggests the attacker needed the device in hand to
exploit it. So, unless your device was hijacked by “extremely
sophisticated” attackers, there was nothing to panic about even before
Monday’s update.

USB Restricted Mode, introduced in iOS 11.4.1, prevents USB accessories
from accessing your device’s data if it hasn’t been unlocked for an hour.
The idea is to protect your iPhone or iPad from law enforcement devices
like Cellebrite and Graykey. It’s also the reason for the message asking
you to unlock your device before connecting it to a Mac or Windows PC.

Aligned with its typical policy, Apple didn’t detail who or what entity
used the attack in the wild, only noting that the company is “aware of a
report that this issue may have been exploited.” Security researcher Bill
Marczak of the University of Toronto’s Citizen Lab reported the flaw. In
2016, while in grad school, he discovered the iPhone’s first known zero-
day remote jailbreak, which a cyberwarfare company sold to governments.

You can make sure USB Restricted Mode is activated by heading to Settings
Face ID (or Touch ID) & Passcode. Scroll down to “Accessories” in the
list and ensure the toggle is off, which it is by default. Somewhat
confusingly, toggling the setting off means the security feature is on
because it lists features with allowed access.

As usual, you can install the update by heading to Settings > General >
Software Update on your iPhone or iPad.

Smarter people will just buy a much superior Android and take the other
half out to a very nice dinner.

https://www.engadget.com/cybersecurity/apple-patches-iphone-exploit-that-
allowed-for-extremely-sophisticated-attack-214237852.html
Marion
2025-02-11 17:01:46 UTC
Reply
Permalink
So, unless your device was hijacked by �extremely
sophisticated� attackers, there was nothing to panic about even before
Monday�s update.
The problem isn't so much that Apple's iPhone is the most exploited mobile
phone every day of every month for over 5 years non-stop zero-days...
<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>

No. The problem is people believe Apple's brazen lies that it's not the
most insecure phone out there. Far more zero days on iPhone than Android.

Google's Project Zero proved Apple has *never* tested most of the iOS code!
<https://cyberscoop.com/iphone-hack-google-project-zero/>

Sure, Android isn't secure either - but the real problem is Apple makes
people *feel safe* with the iPhone even though it's far worse than Android.

Instead of *testing* for insecurities, which Google proved Apple has never
performed on tons of iOS code, Apple spends money *advertising* it instead.
<https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html>

One of the reasons the iPhone is the most insecure phone out there is that
Apple only fully hotfix patches one release and one release only.

Not two. Not three. Not four.... Just one release & one release only.
<https://screenrant.com/apple-product-security-update-lifespan/>

So if your phone is on, oh, say, iOS 16, then it's full of holes that Apple
knows about which Apple could fix but Apple never bothers to fix them.
<https://hothardware.com/news/apple-admits-only-fully-patches-security-flaws-in-latest-os-releases>

Apple doesn't care about you as long as you *believe* that it's the most
secure phone, even as only Apple doesn't fully patch more than one release.
<https://arstechnica.com/gadgets/2022/10/apple-clarifies-security-update-policy-only-the-latest-oses-are-fully-patched/>

Yes, you heard that right. While Microsoft, Samsung & Google will fully
patch multiple releases at the same time, Apple has *never* done that ever!
<https://support.apple.com/guide/deployment/about-software-updates-depc4c80847a/>

But even the fact Apple's support is the worst in the industry (yes, you
heard that right too) isn't known to the vast majority of iPhone owners.

Take Apple's own written promise that the EU forced every company who sells
smartphones to submit, which says Apple only fully supports iOS for 5 years
while both Google & Samsung fully support Pixels & Galaxies for 7 years.
<https://www.cnet.com/tech/mobile/samsung-extends-android-and-security-updates-to-7-years/>
<https://www.tomsguide.com/opinion/google-pixel-8-software-updates>

Not just 7 years mind you, but 7 years and up to 7 releases, where Apple's
full support is 5 years and never more than a single iOS release at a time.
<https://www.cnet.com/tech/mobile/apple-reveals-its-iphone-gets-at-least-five-years-of-security-updates/>

The sad fact is people actually think iOS is secure - when it's not.
They believe Apple has the best support - when it's actually the worst!
Loading...