Apple has rolled out critical updates for its iOS and iPadOS to rectify a significant security flaw that potentially endangered users' data. The flaw, identified by Bill Marczak, a senior researcher at the Citizen Lab, enabled the circumvention of USB Restricted Mode on locked devices. This vulnerability, introduced in 2018, was exploited in sophisticated attacks targeting specific individuals, Amnesty International reported.
The flaw allowed attackers with physical access to an iPhone or iPad to disable USB Restricted Mode without unlocking the device. This mode is designed to block data transfer over a USB connection if the device remains unlocked for seven days. By exploiting this weakness, malicious actors could gain unauthorized access using forensic tools like Cellebrite and Graykey.
Reports indicate that Serbian authorities utilized Cellebrite devices to unlock activists' and journalists' phones, subsequently installing malware on these devices. Amnesty International documented these incidents in a December 2024 report, highlighting a pattern of attacks against civil society.
In response to these threats, Apple introduced an additional security measure. Now, devices will automatically reboot if not unlocked for 72 hours, complicating efforts by law enforcement or cybercriminals using forensic tools to access sensitive data.
The attacks primarily targeted individuals within civil society and were executed through zero-day vulnerabilities in devices such as iPhones. These assaults necessitated physical control of the victim's device, connecting it to forensic tools that extract data. While law enforcement agencies have historically used such tools to unlock devices, this vulnerability's exploitation raised significant concerns about privacy and security.
Amnesty International expressed concern that the vulnerability was likely used "widely" against civil society figures. The organization's findings underscore the necessity for robust security measures to protect those who may be vulnerable to such sophisticated threats.
Apple acknowledged the flaw's potential exploitation, stating it "may have been exploited in an extremely sophisticated attack against specific targeted individuals." Despite these revelations, Apple did not respond to requests for comment by press time.
Leave a Reply