Apple Fixes Zero-Day Exploited in 'Extremely Sophisticated' Attacks
Apple has issued out emergency security updates to address a zero-day vulnerability that it says has been exploited in the wild. Tracked as CVE-2025-24200, the flaw pertains to an authorization issue which could enable a malicious actor to disable the USB Restricted Mode on a locked device as part of a physical cyber attack. USB Restricted Mode, introduced in iOS 11.4.1 nearly seven years ago, is a security feature that prevents USB accessories from establishing a data connection if the device has been locked for over an hour. It is designed to block forensic tools like Graykey and Cellebrite, often used by law enforcement, from extracting data from locked iOS devices.
Security Officer Comments:
CVE-2025-24200 is the second zero-day flaw addressed this year. Apple notes that it is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. Although Apple has not provided further details on in-the-wild exploitation, Citizen Lab researchers have frequently disclosed that zero-day vulnerabilities have been leveraged in targeted spyware attacks against high-risk individuals, including journalists, opposition politicians, and dissidents. The latest attack exploiting CVE-2025-24200 likely has a similar motive, with attackers leveraging the flaw to disable USB restricted mode as a means to gain access to sensitive data from devices locked with a passcode.
Suggested Corrections:
CVE-2025-24200 impacts the following devices:
The flaw was addressed in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 with improved state management. Users have been urged to apply the latest security updates as soon as possible to prevent potential exploitation attempts.
Link(s):
https://www.bleepingcomputer.com/ne...exploited-in-extremely-sophisticated-attacks/