![CVE-2025-24085 - CVE-2025-24200](https://securityexpress.info/wp-content/uploads/2025/01/apple-inc-508812_1280-1024x768.jpg)
Apple has issued an unscheduled security update for iOS and iPadOS, addressing a vulnerability (CVE-2025-24200) actively exploited in real-world attacks. The issue stems from an authorization flaw that allows attackers to disable USB Restricted Mode on locked devices, jeopardizing their security.
Exploiting this vulnerability necessitates physical access to the device. Introduced in iOS 11.4.1, USB Restricted Mode prevents data transfer via USB if the device has not been unlocked and connected to accessories within the past hour. This safeguard aims to thwart digital forensic tools like Cellebrite and GrayKey, employed by law enforcement agencies.
While Apple remains reticent about the specifics of the vulnerability, they confirm its resolution through enhanced system state management. The company acknowledges the flaw’s potential exploitation in sophisticated attacks targeting specific individuals. Security researcher Bill Marczak of The Citizen Lab at the University of Toronto brought this vulnerability to light.
The update is available for the following devices and operating systems:
- iOS 18.3.1 and iPadOS 18.3.1: iPhone XS and later, iPad Pro (13-inch), iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), iPad mini (5th generation and later)
- iPadOS 17.7.5: iPad Pro 12.9-inch (2nd generation), iPad Pro (10.5-inch), and iPad (6th generation)
Each new vulnerability underscores the imperative for continuous updates in digital security. As some seek to fortify defenses, others relentlessly probe for weaknesses, perpetuating an unending cycle.