Apple has released emergency security updates to fix a zero-day vulnerability that was exploited in targeted and “extremely sophisticated” attacks. The company says the issue affects iPhone and iPad users, particularly those with USB Restricted Mode enabled.
The patch addresses an authorization issue in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5. Devices impacted include iPhones XS and later, as well as various iPad models from the latest generations to older ones.
While the vulnerability was only exploited in targeted attacks, Apple advises users to install the security updates immediately to block potential ongoing attack attempts. This is especially important given that similar zero-days have been used in spyware attacks against high-risk individuals.
In 2024, Apple patched six actively exploited zero-days, and last month, it fixed this year’s first zero-day vulnerability. The company has made significant strides in addressing these vulnerabilities, including releasing emergency updates for several zero-day exploits in recent months.
Source: https://www.bleepingcomputer.com/news/apple/apple-fixes-zero-day-exploited-in-extremely-sophisticated-attacks