CyberInsider

Reliable cybersecurity news and resources

General

Latest News

About

CyberInsider covers the latest news in the cybersecurity and data privacy world. In addition to news, we also publish in-depth guides and resources.
See our Mission >

Apple Patches Zero-Day Exploit Targeting Locked iPhones

By Leave a Comment

Apple has patched a zero-day vulnerability affecting iPhones and iPads, which allowed attackers to disable USB Restricted Mode on locked devices.

The flaw, tracked as CVE-2025-24200, has reportedly been exploited in highly targeted attacks. The fix was released in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5.

Sophisticated attacks targeting iPhones

The vulnerability was discovered by Bill Marczak of The Citizen Lab at the University of Toronto’s Munk School, a research group known for investigating cyber threats against high-risk individuals. Apple acknowledged that CVE-2025-24200 may have been actively exploited in a “highly sophisticated attack” against specific targets, though it did not disclose further details on the nature of the attacks or the threat actors involved.

The flaw was an authorization issue that allowed a physical attacker to disable USB Restricted Mode on a locked device. Apple addressed the vulnerability with improved state management to prevent unauthorized modifications.

USB Restricted Mode is a security feature that prevents unauthorized USB accessories from communicating with a locked iPhone or iPad, a measure designed to block forensic tools used by law enforcement agencies and cybercriminals to extract data from locked devices. By disabling this mode, attackers could potentially gain unauthorized access to sensitive data.

Devices affected

The vulnerability impacted a broad range of Apple devices, including:

  • iPhone XS and later
  • iPad Pro (multiple models from the 2nd generation onward)
  • iPad Air (3rd generation and later)
  • iPad (6th generation and later)
  • iPad mini (5th generation and later)

Apple issued two separate updates to address the flaw, namely iOS 18.3.1 and iPadOS 18.3.1 for modern iPhones and iPads, and iPadOS 17.7.5 for older iPads, including the iPad Pro 12.9-inch (2nd gen), iPad Pro 10.5-inch, and iPad (6th gen).

Second zero-day in a month

This marks the second actively exploited zero-day Apple has patched in 2025. Last month, Apple addressed CVE-2025-24085, a CoreMedia vulnerability that allowed privilege escalation on iPhones running older iOS versions. That flaw, which may have been exploited in real-world attacks, was patched alongside several other high-risk vulnerabilities in iOS 18.3 and macOS Sequoia 15.3.

Users are strongly advised to update their devices to iOS 18.3.1, iPadOS 18.3.1, or iPadOS 17.7.5 immediately to mitigate the risk posed by CVE-2025-24200. To check for updates, go to Settings > General > Software Update and install the latest version.

For additional security:

  • Enable USB Restricted Mode (Settings > Face ID & Passcode > USB Accessories > Off)
  • Use a strong passcode to protect your device
  • Keep your device physically secure and avoid leaving it unattended
  • Be cautious of third-party forensic tools that claim to bypass iPhone security features

With two zero-days patched within weeks, Apple users should prioritize staying up to date to avoid potential exploitation.

About Bill Mann

Bill specializes in explaining complex technical topics to a non-technical audience. In his 30+ year career, he has covered many of the technological advances that shape our lives. Today, Bill uses those skills to help people protect their privacy and security against the ever-growing assaults on both.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *