Users of iPhones and iPads running iOS/iPadOS 18 and iPadOS 17 have been strongly advised to promptly install the latest updates released by Apple in order to address a critical security vulnerability known as CVE-2025-24200. This vulnerability has been actively exploited in the wild through an exceptionally sophisticated attack, prompting concerns among users about the security of their devices.
The CVE-2025-24200 vulnerability specifically pertains to a flaw that allows for the bypass of the USB Restricted Mode on locked devices, as elaborated by Apple. The USB Restricted Mode was initially introduced by Apple in 2018 as a security feature to protect against unauthorized access to devices by tools like Cellebrite UFED and Graykey, often utilized by law enforcement agencies for bypassing passcode-based protections and extracting data from devices. The mode is designed to prevent such tools from accessing data if the device has not been unlocked for over an hour. The vulnerability in question arises from an authorization issue, which has now been addressed through improved state management.
The security updates addressing CVE-2025-24200 are targeted at a range of Apple devices, including iPhone XS and later models, various iPad Pro models, iPad Air, iPad mini, and other iPad generations. Users are strongly advised to ensure that their devices are promptly updated to mitigate the risks associated with this critical security flaw.
The attack leveraging CVE-2025-24200 has been characterized as highly sophisticated, with Apple acknowledging reports of specific targeted individuals being impacted. However, details regarding the nature of the attack remain scant, leaving users and security experts alike curious about the specifics of the incident. Apple’s Lockdown Mode, a security feature designed to enhance device security in critical situations, has not been confirmed as a solution to prevent such attacks.
The identification of the CVE-2025-24200 vulnerability was credited to Bill Marczak, a senior researcher associated with The Citizen Lab at The University of Toronto’s Munk School. The Citizen Lab is renowned for its work in assisting political dissidents, civil society activists, and journalists who suspect their devices have been compromised by commercial spyware like NSO Group’s Pegasus and Intellexa’s Predator. The organization’s efforts often involve the discovery and reporting of zero-day vulnerabilities exploited by such malicious software.
In light of the escalating threats posed by sophisticated cyberattacks targeting Apple devices, the swift implementation of security updates remains imperative for users to safeguard their personal data and maintain the integrity of their devices.