Apple Releases Emergency Patch for Critical iOS Zero-Day CVE-2025-24200

Apple has issued an urgent security update to address a critical zero-day vulnerability (CVE-2025-24200) in iOS and iPadOS that was actively exploited in an advanced cyberattack.

Understanding CVE-2025-24200

The vulnerability is an authorization flaw in Apple’s iOS and iPadOS that enables a physical attacker to disable USB Restricted Mode on a locked device. This security lapse could allow unauthorized access via USB accessories, bypassing passcodes and encryption.

What is USB Restricted Mode?

Apple introduced USB Restricted Mode in iOS 11.4.1 to prevent unauthorized access through USB accessories connected to the Lightning port. When activated, this mode blocks data connections unless the device has been unlocked within the past hour, reducing the risk of hacking tools exploiting USB connections.

Apple’s Response and Fix

Apple has acknowledged the issue and addressed it with improved state management. The company released software updates, including:

  • iOS 18.3.1
  • iPadOS 18.3.1
  • iPadOS 17.7.5

These updates effectively patch the vulnerability across a wide range of Apple devices.

Impacted Devices

The CVE-2025-24200 vulnerability affects multiple Apple products, including:

  • iPhone models: iPhone XS and later
  • iPad models:
    • iPad Pro 13-inch, 12.9-inch (3rd gen & later), 11-inch (1st gen & later)
    • iPad Air (3rd gen & later)
    • iPad (7th gen & later)
    • iPad mini (5th gen & later)
    • iPad Pro 12.9-inch (2nd gen), 10.5-inch, and iPad 6th generation

Who Discovered the Vulnerability?

Security researcher Bill Marczak from The Citizen Lab at The University of Toronto’s Munk School reported the vulnerability to Apple. The company confirmed that this issue had been used in a highly sophisticated attack targeting specific individuals.

What Users Should Do Next

Apple strongly urges all users to update their devices immediately to protect against potential security threats.

How to Update Your iPhone or iPad:

  1. Open Settings
  2. Go to General
  3. Tap Software Update
  4. Check for updates and install the latest version

Additional Security Recommendations

  • Enable automatic updates to receive future patches without delay.
  • Avoid clicking on suspicious links or downloading apps from untrusted sources.
  • Regularly check for security updates to keep your device safe.

By following these measures, users can safeguard their devices from potential cyber threats and unauthorized access.

Leave a Reply

Your email address will not be published. Required fields are marked *