Apple fixes security flaw allowing third-party access to locked devices

Apple on Monday announced it has fixed its mobile operating systems in response to a newly uncovered vulnerability that the company said may have been used in an “extremely sophisticated attack against specific targeted individuals.”

The flaw allowed third parties to “disable” restricted mode “on a locked device,” according to information the company posted on its website. No details were available about where or when the incident occurred.

The vulnerability, as described, could have been used to enable unlocking technology similar to Cellebrite products, which allow snoopers to break into devices when they have physical access to them. 

Cellebrite is widely used by law enforcement and was reportedly deployed to access data stored in the phone of a man who tried to assassinate President Donald Trump in July.

Apple’s restricted mode blocks data access to iPhones and iPads when they have been locked for more than an hour by weakening the functionality of the Lightning port.

The vulnerability in Apple’s iOS and iPadOS affects iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later, Apple said.

The flaw was surfaced by Bill Marczak, a digital forensic researcher at The Citizen Lab, an organization known for its work finding and confirming the presence of spyware on mobile devices belonging to journalists, dissidents and other members of civil society.