Security and more: What's in the latest updates for Mac, iPhone and iPad

The “dot-dot releases” for iOS and iPadOS published last night contain bug fixes for a security vulnerability which, according to Apple, is already being exploited. The company announced this on its security updates website. This affects iOS 18 and iPadOS 18 as well as iPadOS 17 (and presumably also iOS 17, which Apple is no longer patching). Users should therefore urgently install iOS 18.3.1 and iPadOS 18.3.1 or iPadOS 17.7.5.

Physical attack on the iPhone

The bug is in the Accessibility module, which is responsible for accessibility, and has to do with the restricted USB access to the device. This restricted mode can be circumvented using an “extremely sophisticated” (in Apple's own words) form of attack, whereby the iPhone must be under the attacker's control. The bug was discovered by the Canadian security group Citizen Lab at the University of Toronto. They are expected to publish details on their website in the coming days.

According to Apple, the “physical attack” was possible on locked devices. It remains unclear exactly what could be done with it – but USB Restricted Mode is considered the first hurdle that prevents data from being tapped via the USB-C port. It is also conceivable that malicious code could be introduced in this way, but Apple does not provide any information on this. What the company does say, however, is that according to Apple, there was a “report that specific targets” were attacked. It is also unclear which ones. The bug was fixed via improved “state management,” Apple added. Users of iPhones from model XS, iPad Pro with 11 and 13 inches and 12.9 from the third generation, iPad Air 3 and newer, iPad 7 and newer and iPad Mini 5 and newer have access to the patch. Other models can no longer run iOS 18 (or iPadOS 17.7.5) and remain insecure.

Updates also for watchOS and visionOS – Uncertainty about macOS patches

In addition to iOS and iPadOS, Apple has also updated watchOS and visionOS – to 11.3.1 and 2.3.1 respectively. However, these are not said to contain any security-related fixes. Unfortunately, Apple does not provide any other information about new features – very annoying, as you have to apply the patches at random without knowing what they will bring.

According to Apple, macOS 15.3.1, macOS 14.7.4 (Sonoma) and macOS 13.7.4 (Ventura), which were also released yesterday, also contain no security updates, but bug fixes. These also remain undisclosed, with the updates comprising 2 GB and more. Problems with macOS 15.3 in connection with third-party firewalls were recently reported. Whether these have now been fixed remained unclear at first.

Empfohlener redaktioneller Inhalt

Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.

Preisvergleiche immer laden Preisvergleich jetzt laden

Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.

(bsc)