
    Apple Urgently Patches Exploited iOS Zero-Day CVE-2025-24200 in Emergency Fix

    Apple has rushed out an out-of-band security update for a vulnerability in iOS and iPadOS, confirming that the flaw has been actively exploited in the wild.

    Tracked as CVE-2025-24200, the flaw is classified as an authorization misconfiguration that, if exploited, could disable USB Restricted Mode on a locked device, enabling a physical attack against it.

    Exploiting the vulnerability requires physical possession of the targeted device. USB Restricted Mode, first introduced in iOS 11.4.1, is a safeguard that blocks communication with accessories unless the device has been unlocked and connected to a peripheral within the last hour.

    The feature is widely understood as a countermeasure against forensic tools such as Cellebrite and GrayKey, which law enforcement frequently uses to extract confidential data from seized iPhones and iPads.

    In keeping with Apple’s usual practice for security advisories, further details of the exploit have not been disclosed. The company said it addressed the issue with improved state management.

    Apple has conceded that it is “cognizant of reports indicating that this flaw has been harnessed in a highly sophisticated, precision-targeted attack against select individuals.”

    Security specialist Bill Marczak from The Citizen Lab at the University of Toronto’s Munk School is credited with uncovering and reporting the flaw.

    Affected Devices & Patch Availability

    The update is available for the following devices and software versions:

    • iOS 18.3.1 & iPadOS 18.3.1 – Available for iPhone XS and newer models, iPad Pro 13-inch, iPad Pro 12.9-inch (3rd gen and later), iPad Pro 11-inch (1st gen and later), iPad Air (3rd gen and later), iPad (7th gen and later), and iPad mini (5th gen and later).
    • iPadOS 17.7.5 – Applicable to iPad Pro 12.9-inch (2nd gen), iPad Pro 10.5-inch, and iPad (6th gen).
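    An inventory check that encodes the fixed builds listed above, added here as an illustration and not code from the article or from Apple: devices on the three older iPad models need iPadOS 17.7.5, everything else needs 18.3.1, and a device still on 17.x that is not one of those models counts as unpatched because no 17.x fix is listed for it. The device records and model-name strings are constructed sample data.

```python
"""CVE-2025-24200 patch-status check over a device inventory.
Added example, not from the article or Apple. Model-name strings and the
sample inventory are constructed for illustration."""
from dataclasses import dataclass

# Models the article lists as receiving iPadOS 17.7.5; they have no 18.x build.
IPADOS_17_MODELS = {"iPad Pro 12.9-inch (2nd gen)", "iPad Pro 10.5-inch",
                    "iPad (6th gen)"}
FIXED_18 = (18, 3, 1)   # iOS / iPadOS 18.3.1
FIXED_17 = (17, 7, 5)   # iPadOS 17.7.5


def parse_version(text: str) -> tuple[int, ...]:
    """'18.3' -> (18, 3, 0): pad to three parts so tuple comparison works."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


@dataclass
class Device:
    name: str
    model: str
    os_version: str


def required_fix(device: Device) -> tuple[int, ...]:
    """Minimum build that closes the flaw for this model. Anything not on the
    17.7.5 list must reach 18.3.1, even if it currently runs 17.x, because the
    article names no 17.x fix for those models."""
    return FIXED_17 if device.model in IPADOS_17_MODELS else FIXED_18


def is_patched(device: Device) -> bool:
    return parse_version(device.os_version) >= required_fix(device)


def unpatched(devices: list[Device]) -> list[str]:
    """Names of devices still exposed, e.g. for an MDM remediation report."""
    return [d.name for d in devices if not is_patched(d)]


# Constructed sample inventory (not real devices).
SAMPLE = [
    Device("exec-iphone", "iPhone 15", "18.3.1"),       # patched
    Device("field-ipad", "iPad (7th gen)", "18.3"),     # one build short
    Device("lobby-ipad", "iPad (6th gen)", "17.7.5"),   # patched on 17 line
    Device("old-pro", "iPad Pro 10.5-inch", "17.7.3"),  # unpatched
    Device("lagging-xs", "iPhone XS", "17.7.5"),        # needs 18.3.1
]
```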

    Apple’s Persistent Security Struggles

    This emergency patch comes just weeks after Apple fixed another critical security flaw, CVE-2025-24085, a use-after-free bug in the Core Media framework that had been exploited in attacks against versions prior to iOS 17.2.

    Apple’s zero-day vulnerabilities have routinely been weaponized by commercial spyware vendors, giving them the means to compromise devices and exfiltrate data from them.

    Surveillance tools like NSO Group’s Pegasus are frequently marketed as vital instruments for countering serious criminal threats and overcoming digital obfuscation. However, these platforms have also been used to covertly monitor civil society figures and dissidents.

    NSO Group has consistently refuted allegations of mass surveillance, maintaining that Pegasus is solely licensed to “legitimate, rigorously vetted intelligence and law enforcement entities.”

    According to NSO’s 2024 transparency report, the Israel-based company currently serves 54 customers across 31 countries, including 23 intelligence agencies and 23 law enforcement agencies.
