Apple released emergency security updates on Monday to fix a vulnerability in iOS and iPadOS, identified as CVE-2025-24200, which has been actively exploited in the wild. The flaw presents an authorization issue that could allow attackers with physical access to disable USB Restricted Mode on locked devices as part of a cyber physical attack.
Apple releases emergency updates to fix iOS vulnerability
USB Restricted Mode, introduced in iOS 11.4.1, prevents iOS and iPadOS devices from communicating with accessories when they have not been unlocked and connected within the previous hour. This feature aims to protect devices from unauthorized access by digital forensics tools often used by law enforcement, such as Cellebrite and GrayKey.
Apple confirmed it is aware of reports stating that this vulnerability may have been exploited in highly sophisticated attacks against specific targeted individuals. The flaw has been addressed with improved state management according to Apple’s advisory, although further technical details remain undisclosed.
Bill Marczak, a security researcher from The Citizen Lab at the University of Toronto, discovered and reported the vulnerability. The updated software is available for the following devices:
- iOS 18.3.1 and iPadOS 18.3.1: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
- iPadOS 17.7.5: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation.
This release follows a recent fix for a different security flaw—CVE-2025-24085, a use-after-free bug in the Core Media component—previously identified as exploited in earlier iOS versions. Moreover, zero-day vulnerabilities in Apple software are frequently deployed by surveillance vendors to extract data from compromised devices.
Commercially marketed tools, like NSO Group’s Pegasus, claim utility for law enforcement while also facing scrutiny for invasive practices. NSO Group has maintained that Pegasus is not designed for mass surveillance and is exclusively licensed to vetted agencies.
USB Restricted Mode has been crucial in minimizing risks associated with physical attacks through device ports. If a device is locked for over an hour, Apple disables its Lightning or USB ports to thwart potential breaches from connected accessories.
The National Institute of Standards characterizes the newly patched vulnerability as an authorization issue that required state management improvements. Apple pointed out that a physical attack could potentially disable USB Restricted Mode on locked devices and has acknowledged concerns regarding its exploitation in targeted attacks.
Marczak specifically emphasized the critical nature of this update, urging users to upgrade to iOS 18.3.1 to safeguard against these vulnerabilities. Users can find the update through their device settings under Software Update.
For devices not affected by the flaw and running older iOS versions, Apple has not issued updates as the company continues prioritizing more recent operating systems, thereby reinforcing the importance of timely updates in combating digital threat landscapes.
Featured image credit: William Hook/Unsplash
