The iOS 18.3.1 and iPadOS 18.3.1 updates released by Apple today contain an important security fix. Because the vulnerability has been exploited in the wild, Apple has disclosed it publicly and urges users to install the new software as soon as possible.
According to Apple's security support document for iOS 18.3.1 and iPadOS 18.3.1, the update addresses an Accessibility vulnerability that could disable USB Restricted Mode on locked devices.
Exploiting the vulnerability requires physical access to the device, and Apple said it was used to target specific individuals.
Impact: A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of reports that this issue may have been exploited in extremely sophisticated attacks against specific targeted individuals.
According to Apple, the vulnerability has been fixed through improved state management. Note that Apple has also released iPadOS 17.7.5 with the same security fixes for devices that cannot run iPadOS 18.
If your iPhone is compatible with iOS 18, you need to install iOS 18.3.1 to ensure you are protected from the vulnerability. The same goes for iPadOS 18.3.1 or iPadOS 17.7.5, depending on which iPad you have.