On Monday, Apple rolled out emergency security updates to fix a critical zero-day vulnerability in iOS and iPadOS that was actively exploited in an extremely sophisticated attack.
The high zero-day vulnerability, identified as CVE-2025-24200, is an authorization issue in Apple’s iOS and iPadOS that could allow a physical attacker to disable USB Restricted Mode on a locked device.
In other words, this vulnerability could enable a sophisticated physical attack to bypass USB Restricted Mode on a locked iOS or iPadOS device.
For those unaware, Apple’s USB Restricted Mode is a security feature introduced in iOS 11.4.1 to prevent unauthorized access to an iPhone or iPad via USB accessories.
When enabled, this mode prevents USB accessories that plug into the Lightning port from making data connections with the device if it has not been unlocked within the past hour.
This prevents hacking tools that connect via the Lightning port from bypassing passcodes and encryption.
Meanwhile, Apple has acknowledged the issue and fixed the vulnerability with improved state management.
“A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company wrote in the advisories [(1),(2)] published on Monday.
The Cupertino giant has credited security researcher Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School for discovering and reporting the vulnerability to Apple.
The CVE-2025-24200 vulnerability affected a broad range of Apple devices, including:
- iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
- iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Apple has resolved the vulnerability above by releasing software updates — iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 — with improved memory management.
While Apple has not provided any information on how the above vulnerability was exploited, it has strongly urged its iOS and iPadOS users to immediately update their devices to the latest versions to mitigate potential security threats.
Further, enable automatic updates to ensure you receive future patches on your devices without delay.
Avoid clicking on suspicious links and only download apps from trusted sources to reduce the risk of vulnerabilities.
For software updates on iPhone or iPad, go to Settings > General > Software Update > Check for the update and install.
