Apple fixes actively exploited iOS zero-day

Apple has issued an out-of-band security update for iOS and iPadOS to address a serious vulnerability that has reportedly been exploited in the wild. The flaw, tracked as CVE-2025-24200, involves an authorization issue that could allow a malicious actor to disable USB Restricted Mode on a locked device.

USB Restricted Mode, introduced in iOS 11.4.1, is a key security feature designed to protect user data by preventing unauthorized access via physical connections. When a device is locked and has not been unlocked or connected to an accessory within the past hour, USB Restricted Mode blocks any attempts to communicate with attached accessories. This measure helps prevent tools like Cellebrite and GrayKey, commonly used in law enforcement, from bypassing device security and extracting sensitive data.

While the vulnerability requires physical access to the device for exploitation, Apple said there are reports of the flaw being used in highly sophisticated attacks targeting specific individuals.

To mitigate the issue, Apple has improved state management in the latest update, which is available for the following devices:

iOS 18.3.1: iPhone XS and later.

iPadOS 18.3.1: iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad 7th generation and later, and iPad mini 5th generation and later.

iPadOS 17.7.5: iPad Pro 12.9-inch (2nd generation), iPad Pro 10.5-inch, and iPad 6th generation.

As always, Apple refrained from providing further details about the nature of the attacks or the targeted individuals. Users are strongly advised to update their devices to iOS 18.3.1 or iPadOS 18.3.1 to ensure they are protected against attacks that exploit the zero-day flaw.
