Breaking news: Apple has another update for you to install. While it seems like there’s always a new update for us Apple users to install on our devices, this one is quite important to prioritize. That’s because it’s not a simple feature update, changing the software you’re used to. Instead, it’s a security patch, fixing issues with iOS, iPadOS, macOS, and other Apple OSes that, left unpatched, leaves you vulnerable to hacking.
Security patches vs. software updates
Table of Contents
Some platforms separate security patches and software updates as two distinct processes. Not Apple. Usually, the company couples security patches and software updates together, which creates some interesting situations. You can have a feature-filled software update that is also full of security patches, a feature-filled software update with few (or no) security patches, or a software update with few (or no) features, and any number of security patches.
It’s this latter category that this post will focus on exclusively. See, every now and then, Apple will discover a critical security vulnerability on its platforms. This isn’t necessarily Apple’s fault: Software inherently contains security vulnerabilities, and the goal is to discover these before bad actors do. However, whenever these security flaws do come to light, it’s imperative to push them out to users as quick as possible—especially if that flaw has already been used by bad actors.
These are the times when you see software updates on your iPhone or Mac that look like a weirdly long string of numbers—iOS 18.3.1, for example. iOS 18 is the big update, with all the keynote features; 0.3 is the minor update, that comes with some new features; and while it’s possible a 0.0.1 update could come with new features, it usually denotes security patches and bug fixes.
There is an exception to this rule: Apple’s Rapid Security Responses. These are strictly security patches—not feature updates—and are deployed when it’s absolutely critical to patch a security flaw on customers’ devices. You’ll know when one of these hits your device, since it not only says “Security Response,” but also includes an (a) to denote this isn’t a standard update.
This isn’t a Security Response, though: This is an update, that just so happens to be a security patch. I know—not confusing at all.
Apple’s latest security patch
On Monday, Feb. 10, Apple dropped a series of updates for its devices. That includes iOS 18.3.1 for iPhones; iPadOS 18.3.1 for iPads, iPadOS 17.7.5 for older iPads, macOS Sequoia 15.3.1 for Macs, macOS Sonoma 14.7.4 for Macs running Sonoma, macOS Ventura 13.7.4 for Macs running Ventura, watchOS 11.3.1 for Apple Watches, and visionOS 2.3.1 for Apple Vision Pro.
Curiously, out of all of these updates, only iOS and iPadOS 18.3.1 and iPadOS 17.7.5 contain release notes. The rest are blank. However, we can pull from the notes Apple shared on these first two posts to see what’s new. At this time, it’s just one security patch: “Impact: A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
USB Restricted Mode protects Apple devices from unknown wired peripherals. The idea is that if a bad actor tries to plug a malicious device into your Mac or iPhone, for example, the feature will block that device from connecting. The feature is configurable, so you can choose whether to allow all USB devices to connect to your Apple device, allow USB devices when your Apple device is unlocked, have your Apple device ask you whenever a new device connects, or have it ask you whenever any device connects.
Regardless of your setting, it seems this latest flaw enables a bad actor to bypass the security feature entirely on a locked device, and potentially connect a malicious accessory to your Apple device. What makes this flaw particularly dangerous is that Apple confirmed that it is actively exploited in the wild—meaning there are actors out there abusing the flaw to attack Apple users. To protect yourself, make sure to install the latest security patch on all of your eligible Apple devices right now.
How to install a security patch on your Apple device
Again, security patches like 18.3.1 are just software updates. As such, you can install these patches just as you would any other Apple update. On most Apple devices, you can head to Settings (System Settings for macOS) > General > Software Update, then follow the on-screen instructions to download and install the latest update.