Apple Releases Emergency Update to Patch Actively Exploited iOS Zero-Day CVE-2025-24200


Apple has issued an out-of-band security update to patch a critical iOS and iPadOS vulnerability (CVE-2025-24200) that has been actively exploited in the wild. The flaw, an authorization issue, could allow an attacker with physical access to a locked device to disable USB Restricted Mode, facilitating cyber-physical attacks.


CVE-2025-24200: A High-Risk Authorization Flaw

The vulnerability, discovered by security researcher Bill Marczak from The Citizen Lab at the University of Toronto's Munk School, enables attackers with physical access to a device to bypass security restrictions. USB Restricted Mode, first introduced in iOS 11.4.1, is designed to prevent unauthorized access by digital forensic tools like Cellebrite and GrayKey, commonly used by law enforcement agencies to extract sensitive data.


Apple has acknowledged reports indicating that this flaw has been leveraged in highly sophisticated attacks against specific individuals. To mitigate the risk, the company has addressed the issue with improved state management in its latest security update.


Devices and OS Versions Affected

Apple’s emergency patch is now available for the following devices:

  • iOS 18.3.1 / iPadOS 18.3.1:
    • iPhone XS and later
    • iPad Pro 13-inch
    • iPad Pro 12.9-inch (3rd generation and later)
    • iPad Pro 11-inch (1st generation and later)
    • iPad Air (3rd generation and later)
    • iPad (7th generation and later)
    • iPad mini (5th generation and later)

  • iPadOS 17.7.5:
    • iPad Pro 12.9-inch (2nd generation)
    • iPad Pro 10.5-inch
    • iPad (6th generation)


Apple’s Battle Against Exploited Zero-Days

This latest security development follows Apple's recent fix for another critical zero-day (CVE-2025-24085), a use-after-free bug in the Core Media component, which was exploited in older iOS versions before iOS 17.2.


Zero-day vulnerabilities in Apple software are frequently weaponized by commercial surveillance vendors to deploy sophisticated spyware. Tools like NSO Group’s Pegasus, marketed as a solution for combatting serious criminal activity, have been misused for espionage against journalists, activists, and other high-profile targets.


NSO Group maintains that Pegasus is not a mass surveillance tool, stating in its 2024 transparency report that the software is licensed to "legitimate, vetted intelligence and law enforcement agencies" across 31 countries. The report reveals that 54 customers utilize Pegasus, with 23 intelligence agencies and 23 law enforcement agencies among them.


How to Stay Secure

Apple users are strongly advised to update their devices immediately to mitigate potential security risks. The emergency patch underscores the growing need for cybersecurity vigilance as sophisticated attacks continue to target high-profile individuals worldwide.