iOS 18.3.1 — update your iPhone right now to fix critical zero-day vulnerability

If you’ve been putting off updating your iPhone and iPad to iOS 18.3.1, Apple just gave you a good reason to do so ASAP, as it just patched a new zero-day vulnerability.

As reported by BleepingComputer, this new security flaw has already been exploited in targeted and “extremely sophisticated” attacks, which is par for the course when it comes to Apple devices.

The flaw (tracked as CVE-2025-24200) is an authorization issue that Apple has now addressed with improved state management with the release of iOS 18.3.1 and iPadOS 18.3.1. In a new advisory, the company provided further details on the matter. It explained that by leveraging this particular zero-day, a physical attack could be used to “disable USB Restricted Mode on a locked device.”

First introduced back in iOS 11, USB Restricted Mode is a security feature that blocks USB accessories from creating a data connection with an iPhone or iPad if the device has been locked for more than an hour. Rather than being aimed at hackers, this feature was designed to prevent law enforcement agencies from using forensic software like Graykey and Cellebrite to extract data from locked iPhones.

Impacted iPhones and iPads

Whether you have a newer iPhone or iPad or an older device, you must download and install this latest update as soon as you can.

Regarding iPhones, every device from the iPhone XS onward is impacted. As for iPads, the iPad Pro 13-inch, iPad Pro 12.9-inch (3rd gen and later), iPad Pro 11-inch (1st gen and later), iPad Air (3rd gen and later), iPad (7th gen and later) and the iPad mini (5th gen and later) are affected.

It can be easy to get worried about big zero-day vulnerabilities like this one. Still, most people don’t have anything to be concerned about since this flaw was exploited in highly targeted attacks. These sorts of attacks usually go after government officials, business leaders and other high-value targets.

Still, you’re going to want to download and install this update since attacks like these have a way of trickling down. Likewise, hackers love to target ordinary people running outdated software, as doing so doesn’t require nearly as much effort.

How to keep your Apple devices safe

When it comes to keeping your iPhone, iPad, Mac and other Apple devices safe from hackers, the easiest way is to install new security updates when they become available. Doing so can be tedious at times, but the alternative — getting hacked or falling victim to identity theft — is much worse.

Since even iPhones and iPads can fall victim to bad apps, you always want to be extra cautious when installing new software on your devices. Check an app’s ratings and reviews. If it seems too good to be true, it probably is.

While there isn’t an iPhone or iPad equivalent to the best Android antivirus apps, one of the best Mac antivirus software solutions does provide a workaround when it comes to scanning your mobile Apple devices for malware and other viruses. If you plug your iPhone or iPad into a Mac running Intego’s antivirus software, it can scan either device for malware.

As they’re harder to hack (or at least this was true in the past), Apple devices have proven to be a goldmine for cybercriminals. And now that they’ve become extremely popular, hackers are going out of their way to develop Mac malware that finds its way into your iPhone. However, if you install updates in a timely manner and practice good cyber hygiene online, you and your devices should be safe.

Anthony Spadafora
Managing Editor Security and Home Office
