Apple has rolled out urgent security updates to address a critical Zero-Day Exploit (CVE-2025-24200) actively exploited in highly sophisticated cyberattacks. The flaw, affecting iPhones and iPads, allows attackers to disable USB Restricted Mode on locked devices, potentially exposing sensitive data. This development underscores the persistent threats targeting high-profile individuals and the need for immediate updates.
Understanding the Vulnerability: CVE-2025-24200
The flaw is an authorization issue that enables attackers to bypass USB Restricted Mode, a security feature introduced in iOS 11.4.1 to prevent unauthorized data extraction. The attack, classified as “extremely sophisticated,” appears to require physical access to the device, suggesting its potential use in cyber-physical operations such as forensic extractions or espionage.
Citizen Lab security researcher Bill Marczak discovered and reported the issue, which Apple has patched in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 through improved state management.
Devices Affected
Apple’s advisory lists a wide range of devices impacted by this flaw:
- iPhones: iPhone XS and later models
- iPads: Various iPad Pro, iPad Air, and iPad Mini models from the 3rd generation onward
Users are strongly advised to update their devices immediately to block potential ongoing attack attempts.
Apple’s Zero-Day Problem: A Growing Concern
This marks yet another instance of zero-day vulnerabilities being exploited in real-world attacks. In recent years, Apple has faced a growing number of such threats:
- 2024: Six actively exploited zero-days patched (including CVE-2025-24085 in January)
- 2023: 20 zero-day vulnerabilities addressed, including major ones exploited by spyware such as NSO Group’s Pegasus
Apple’s ongoing struggle against zero-day threats highlights the sophistication of adversaries targeting its ecosystem. Commercial surveillance tools have leveraged many of these vulnerabilities, often used against high-risk individuals such as journalists, politicians, and activists.
The Bigger Picture: Cybersecurity & Surveillance Tools
One primary concern surrounding zero-day exploits is their use by state-backed and commercial surveillance vendors. Tools like NSO Group’s Pegasus spyware are marketed as essential for law enforcement but have often been linked to political espionage and human rights violations.
Despite claims that such tools are strictly regulated, history has shown that government agencies and private firms continue to weaponize these exploits, making it imperative for users to stay vigilant and update their devices.
What Should You Do?
If you own an affected iPhone or iPad, take the following steps immediately:
- Update your device to iOS 18.3.1 or iPad 18.3.1
- Enable automatic updates to stay protected against future threats
- Be cautious of physical access to your device, especially in high-risk situations
Final Thoughts
Apple’s latest zero-day fix reminds us that even the most secure platforms are not immune to attacks. Cyber threats are evolving rapidly, and bad actors continually find new ways to exploit vulnerabilities. While Apple remains at the forefront of security innovation, users must remain proactive in safeguarding their devices against potential breaches.
Cybersecurity is a shared responsibility. Stay informed, stay updated, and remain secure.
Resources:
https://thehackernews.com/2025/02/apple-patches-actively-exploited-ios.html
