iOS

A day before Microsoft's was set to publish its July 2018 Patch Tuesday, Apple has also released security patches. This month, the Cupertino-based OS maker has published fixes for products such as macOS, iOS, watchOs, tvOS, Safari, iCloud for Windows, and iTunes for Windows.

Since last month's security patch and before yesterday's new releases, the company also released security updates for Boot Camp, SwiftNIO, and XCode.

USB Restricted Mode ships to iOS 11.4.1

Most of the updates are bugfixes for security-related flaws. But new features have also been rolled out. By far the most headline-catching one is the addition of a "USB Restricted Mode" in iOS 11.4.1.

The new USB Restricted Mode is a feature that disables the USB port on iOS devices after an hour. To reactivate it, a user must enter the phone's security code.

Apple rolled out the feature as part of a security measure to prevent certain software firms from selling "iPhone unlocking" technology. One such firm is Cellebrite, a company who sold such a tool to the FBI. Another one is GrayShift, a company which a few months back started mass-producing a technology named GrayKey at a low price, one that made it financially viable for police departments around the world to be able to buy it.

Last month, Apple rolled the USB Restricted Mode feature into iOS beta, but this didn't worry GrayShift nor law enforcement in the US, as they hinted at having a way around Apple's new security feature.

USB Restricted Mode already bypassed

Yesterday, hours after Apple released iOS 11.4.1, software firm Elcomsoft published a blog post about a USB Restricted Mode bypass.

The company says that by plugging in any USB device into an iOS device, it can prevent the USB Restricted Mode feature from enabling the one-hour limit, and keep the user's phone/tablet USB port open and vulnerable to attacks from Cellebrite and GrayShift equipment.

USB Restricted Mode ships out disabled by default, and users will need to consult their iOS device's settings area to enable it —under the Touch ID & Passcode section, and under the USB Accessories label. There's also some trickery involved with enabling USB Restricted Mode that may fool some users, as they will have to turn off the USB Accessories option to enable USB Restricted Mode. USB Accessories is turned on by default, which may fool some users into thinking USB Restricted Mode is on as well, when in fact, it is disabled and they need to turn USB Accessories off, like so.

Below are the rest of the Apple security updates released yesterday, and during the past month.

Name and information link

Available for

Vulnerabilities

Release date

iTunes 12.8 for Windows Windows 7 and later 14 09 Jul 2018
iCloud for Windows 7.6 Windows 7 and later 14 09 Jul 2018
Safari 11.1.2 OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6 16 09 Jul 2018
macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 11 09 Jul 2018
watchOS 4.3.2 All Apple Watch models 14 09 Jul 2018
tvOS 11.4.1 Apple TV 4K and Apple TV (4th generation) 18 09 Jul 2018
iOS 11.4.1 iPhone 5s and later, iPad Air and later, and iPod touch 6th generation 22 09 Jul 2018
Wi-Fi Update for Boot Camp 6.4.0 MacBook (Late 2009 and later), MacBook Pro (Mid 2010 and later), MacBook Air (Late 2010 and later), Mac mini (Mid 2010 and later), iMac (Late 2009 and later), and Mac Pro (Mid 2010 and later) 3 05 Jul 2018
SwiftNIO 1.8.0 macOS Sierra 10.12 and later, Ubuntu 14.04 and later 1 27 Jun 2018
Xcode 9.4.1 macOS High Sierra 10.13.2 or later 2 13 Jun 2018