Abdelrahman
On Monday, Apple rolled out emergency security updates to tackle a vulnerability in iOS and iPadOS that has reportedly been actively exploited.
Designated with the CVE identifier CVE-2025-24200, this vulnerability is categorized as an authorization flaw that could potentially allow cybercriminals to disable USB Restricted Mode on a locked device during a cyber-physical attack.
This indicates that the attackers would need physical access to the device to take advantage of this exploit. Designed to enhance security, USB Restricted Mode, introduced in iOS 11.4.1, prevents devices running iOS and iPadOS from communicating with connected accessories unless the device has been unlocked and connected within the previous hour.
This feature aims to thwart digital forensic tools like Cellebrite and GrayKey, commonly utilized by law enforcement agencies, from gaining unauthorized access to confiscated devices and extracting sensitive information.
As is typical with such advisories, specific details regarding the security vulnerability remain undisclosed. Apple mentioned that the issue was rectified through enhanced state management protocols.
Additionally, Apple has acknowledged awareness of reports indicating this vulnerability might have been exploited during a highly sophisticated attack targeting specific individuals.
This security flaw was identified and reported by Bill Marczak, a researcher at The Citizen Lab, part of the University of Toronto’s Munk School.
The update is applicable to the following devices and operating systems:
- iOS 18.3.1 and iPadOS 18.3.1 — compatible with iPhone XS and later, iPad Pro models (13-inch and 12.9-inch 3rd generation or higher), iPad Pro 11-inch (1st generation or higher), iPad Air (3rd generation or higher), iPad 7th generation or newer, and iPad mini (5th generation or newer).
- iPadOS 17.7.5 — applicable for iPad Pro (12.9-inch 2nd generation), iPad Pro (10.5-inch), and iPad (6th generation).
This announcement follows a prior resolution from Cupertino, which recently addressed another critical security flaw involving a use-after-free vulnerability in the Core Media component (CVE-2025-24085) disclosed to have been exploited in versions of iOS prior to 17.2.
Zero-day vulnerabilities within Apple software have been mainly weaponized by commercial surveillance vendors to deploy advanced applications capable of extracting information from targeted devices.
While tools like NSO Group’s Pegasus are promoted as technologies designed to save lives and combat severe criminality to address the so-called “Going Dark” dilemma, they have also been misused to monitor individuals within civil society.
The NSO Group maintains that Pegasus is not a tool for mass surveillance, asserting that it is only licensed to legitimate, vetted intelligence and law enforcement agencies.
In its 2024 transparency report, the Israeli firm disclosed that it serves 54 customers across 31 countries, including 23 intelligence agencies and another 23 law enforcement bodies.
