Apple has released emergency security updates to address a zero-day vulnerability, CVE-2025-24200, that has been actively exploited in targeted attacks against iPhone and iPad users.
The vulnerability allows attackers to disable USB Restricted Mode on a locked device, potentially granting unauthorized access to sensitive data.
Apple is aware of reports that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
The company addressed the vulnerability in iOS 18.3.1 and iPadOS 18.3.1 with improved state management.
The zero-day vulnerability affects the following devices:
- iPhone XS and later
- iPad Pro 13-inch
- iPad Pro 12.9-inch (3rd generation and later)
- iPad Pro 11-inch (1st generation and later)
- iPad Air (3rd generation and later)
- iPad (7th generation and later)
- iPad mini (5th generation and later)
USB Restricted Mode, a security feature introduced in 2018, is designed to prevent data transfer over USB if a device has been locked for more than an hour.
This feature aims to block unauthorized access and prevent law enforcement agencies from using forensic software to extract data from locked iOS devices. However, the recent vulnerability allows attackers to bypass this protection.
The discovery of the vulnerability is credited to Bill Marczak of Citizen Lab, a research group at the University of Toronto that focuses on cybersecurity. Citizen Lab has a history of uncovering sophisticated cyberattacks.
While specifics remain scarce, Apple describes the flaw as a “physical attack” that could disable USB Restricted Mode on a locked device.
Since the exploit requires physical access to the device, there are suspicions that it may have been integrated into hacking tools. This could potentially allow unauthorized parties to unlock and extract data from physically confiscated iPhones.
Apple has urged users to install the security updates immediately to block potential attack attempts. The updates, iOS 18.3.1 and iPadOS 18.3.1, address the CVE-2025-24200 vulnerability with improved state management.
Apple says it does not disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.