Apple Addresses Actively Exploited iOS Zero-Day CVE-2025-24200 in Urgent Update


2/13/2025, 2 min read


On Monday, Apple released emergency security updates to fix a vulnerability in iOS and iPadOS that has reportedly been exploited in the wild.

Labeled as CVE-2025-24200 (CVSS score: 4.6), the flaw is an authorization issue that could allow an attacker to bypass USB Restricted Mode on a locked device, potentially enabling a cyber-physical attack.

In other words, the attacker needs physical access to the device to exploit the vulnerability. USB Restricted Mode, introduced in iOS 11.4.1, prevents an iOS or iPadOS device from exchanging data with a connected accessory unless the device has been unlocked and connected to that accessory within the past hour.
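To make the rule above concrete, here is a small added model of the state USB Restricted Mode has to track (it is illustrative code written for this page, not Apple's implementation, and the class name, the per-accessory bookkeeping and the sample timestamps are assumptions). The point it shows is that the decision depends on two pieces of state, lock status and the time each accessory was last used while unlocked, which is exactly the kind of state the advisory says was hardened.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Grace window stated on the page: an accessory used while the device was
# unlocked stays usable for one hour after the device locks.
GRACE = timedelta(hours=1)


@dataclass
class UsbRestrictedModeModel:
    """Hypothetical, simplified model of the USB Restricted Mode policy.

    Tracks only what the rule depends on: whether the device is locked and
    when each accessory (keyed by a constructed identifier) was last used
    while the device was unlocked.
    """
    locked: bool = True
    last_authorized_use: dict[str, datetime] = field(default_factory=dict)

    def unlock(self) -> None:
        self.locked = False

    def lock(self) -> None:
        self.locked = True

    def data_connection_allowed(self, accessory_id: str, now: datetime) -> bool:
        """Decide whether a data connection to accessory_id may be opened at time now."""
        if not self.locked:
            # Unlocked: the user is present, so allow and record an authorized use.
            self.last_authorized_use[accessory_id] = now
            return True
        last = self.last_authorized_use.get(accessory_id)
        if last is None:
            # Locked and never authorized: charging only, no data exchange.
            return False
        # Locked: allowed only inside the grace window. A permitted connection
        # while locked deliberately does not refresh the window, so the hour
        # cannot be extended without a fresh unlock.
        return now - last <= GRACE


def walkthrough() -> list[bool]:
    """Constructed timeline: returns the policy decision at each step."""
    t0 = datetime(2025, 2, 10, 9, 0)
    m = UsbRestrictedModeModel()
    out = []
    out.append(m.data_connection_allowed("cable-A", t0))          # locked, never used -> False
    m.unlock()
    out.append(m.data_connection_allowed("cable-A", t0))          # unlocked -> True
    m.lock()
    out.append(m.data_connection_allowed("cable-A", t0 + timedelta(minutes=59)))  # inside hour -> True
    out.append(m.data_connection_allowed("cable-A", t0 + timedelta(minutes=61)))  # past hour -> False
    out.append(m.data_connection_allowed("cable-B", t0 + timedelta(minutes=10)))  # other accessory -> False
    return out


if __name__ == "__main__":
    print(walkthrough())
```

The last two checks are the edge cases worth keeping in mind: the window is per accessory, and it expires rather than renewing on use while locked.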

The feature is intended to prevent digital forensics tools, such as Cellebrite or GrayKey, often used by law enforcement, from accessing confiscated devices and extracting sensitive data without authorization.

As is typical with advisories of this nature, no additional details about the security flaw have been disclosed. Apple stated that the vulnerability was fixed with enhanced state management.

However, the company acknowledged being "aware of a report that this issue may have been exploited in an exceptionally sophisticated attack targeting specific individuals."

The flaw was discovered and reported by security researcher Bill Marczak from The Citizen Lab at the University of Toronto’s Munk School.

The update can be downloaded for the following devices and operating systems:

  • iOS 18.3.1 and iPadOS 18.3.1 are available for the following devices: iPhone XS and newer, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and newer, iPad Pro 11-inch 1st generation and newer, iPad Air 3rd generation and newer, iPad 7th generation and newer, and iPad mini 5th generation and newer.

  • iPadOS 17.7.5 is available for the following devices: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation.
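Because the fix ships on two different release branches, a fleet check has to pick the right minimum version per device family. The following added example (written for this page, not Apple's or any MDM vendor's code; the inventory rows are constructed) applies the two lists above: devices that only receive iPadOS 17 must be on 17.7.5 or later, everything else must be on 18.3.1 or later, and anything that cannot reach either version is reported as unpatched, which is the conservative answer for devices that have no fix available.

```python
from typing import Iterable

# Minimum fixed versions from the advisory text above.
FIXED_18_BRANCH = (18, 3, 1)   # iOS 18.3.1 / iPadOS 18.3.1
FIXED_17_BRANCH = (17, 7, 5)   # iPadOS 17.7.5

# Devices the page lists as receiving only the iPadOS 17 branch.
IPADOS_17_ONLY = {
    "iPad Pro 12.9-inch 2nd generation",
    "iPad Pro 10.5-inch",
    "iPad 6th generation",
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '18.3.1' or '18.3' into a comparable tuple; '18.3' sorts below '18.3.1'."""
    return tuple(int(part) for part in text.strip().split("."))


def required_version(model: str) -> tuple[int, ...]:
    """Minimum fixed version for a device model, chosen by release branch."""
    if model in IPADOS_17_ONLY:
        return FIXED_17_BRANCH
    return FIXED_18_BRANCH


def is_patched(model: str, os_version: str) -> bool:
    """True if the device runs a build at or above the fixed version for its branch."""
    return parse_version(os_version) >= required_version(model)


def unpatched_devices(inventory: Iterable[dict]) -> list[str]:
    """Return the names of inventory rows still exposed to CVE-2025-24200."""
    return [
        row["name"]
        for row in inventory
        if not is_patched(row["model"], row["os_version"])
    ]


# Constructed sample inventory, the shape an MDM export might be flattened into.
SAMPLE_INVENTORY = [
    {"name": "exec-phone-01", "model": "iPhone 15", "os_version": "18.3.1"},
    {"name": "exec-phone-02", "model": "iPhone XS", "os_version": "18.3"},
    {"name": "field-ipad-01", "model": "iPad 6th generation", "os_version": "17.7.5"},
    {"name": "field-ipad-02", "model": "iPad Pro 10.5-inch", "os_version": "17.7.4"},
    {"name": "loaner-ipad-01", "model": "iPad Pro 12.9-inch 3rd generation", "os_version": "17.7.5"},
]

if __name__ == "__main__":
    for name in unpatched_devices(SAMPLE_INVENTORY):
        print("needs update:", name)
```

Note the last sample row: an iPad Pro 12.9-inch 3rd generation on 17.7.5 is flagged even though 17.7.5 is a fixed build, because that model is on the iPadOS 18 list and its fix is 18.3.1.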

This development follows weeks after Apple addressed another security vulnerability, a use-after-free bug in the Core Media component (CVE-2025-24085), which was found to be exploited in iOS versions prior to iOS 17.2.

Zero-day flaws in Apple software have mainly been targeted by commercial surveillanceware vendors to deploy advanced tools designed to extract data from compromised devices.

While tools like NSO Group's Pegasus are promoted as "technology that saves lives" and as a means to combat serious criminal activity by addressing the "Going Dark" issue, they have also been misused to spy on members of civil society.

NSO Group, for its part, has maintained that Pegasus is not a tool for mass surveillance and is only licensed to "legitimate, vetted intelligence and law enforcement agencies."

In its 2024 transparency report, the Israeli company stated that it serves 54 customers across 31 countries, including 23 intelligence agencies and 23 law enforcement agencies.

To learn more about our services and how we can help protect your systems, visit https://www.vaptern.com/services or contact us directly.