
Apple today released urgent security updates for iOS and iPadOS to address a zero-day vulnerability that has been actively exploited in targeted attacks. The vulnerability, tracked as CVE-2025-24200, allows attackers to disable USB Restricted Mode on a locked device, potentially granting access to sensitive data.
USB Restricted Mode, introduced in 2018, is a security feature that prevents data transfer over USB if the device remains locked for seven days. The vulnerability bypasses this protection, leaving targeted devices at risk.
“A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” Apple warns in its security advisory.
The vulnerability was discovered by Bill Marczak, a senior researcher at the Citizen Lab, a University of Toronto group focused on cybersecurity research. The Citizen Lab has a strong track record of uncovering sophisticated cyberattacks against civil society.
Apple’s updates, iOS 18.3.1 and iPadOS 18.3.1, address the CVE-2025-24200 vulnerability with improved state management.
Affected Devices:
- iPhone XS and later
- iPad Pro (13-inch)
- iPad Pro 12.9-inch (3rd generation and later)
- iPad Pro 11-inch (1st generation and later)
- iPad Air (3rd generation and later)
- iPad (7th generation and later)
- iPad mini (5th generation and later)
While this vulnerability appears to have been exploited in a limited number of targeted attacks, all users of affected devices are strongly advised to install the security updates immediately.