Apple has issued emergency updates to fix a critical security flaw that is actively being exploited in iOS and iPadOS. On February 10, the tech giant released out-of-band security patches to address a zero-day vulnerability identified as CVE-2025-24200.
This vulnerability has been deemed a serious security risk, particularly because it could allow attackers to bypass important security protections on locked Apple devices. Apple has confirmed that the flaw has been exploited in the wild, and users are strongly urged to update their devices immediately to avoid falling victim to potential attacks.
iOS Zero-Day CVE-2025-24200
The security flaw is tied to a component of Apple’s USB Restricted Mode, which was introduced in iOS 11.4.1 to prevent unauthorized data access via USB connections. When USB Restricted Mode is activated, an iPhone or iPad that has not been unlocked and connected to an accessory in the last hour will block all USB communication. However, the vulnerability described as CVE-2025-24200 has been exploited by attackers to disable this protective feature, which could allow them to access a device’s data through USB connections even if the device is locked.
The issue has been classified as an “authorization issue,” meaning that an attacker could potentially exploit the flaw by gaining unauthorized access to a device’s state management system, disabling USB Restricted Mode. Once the attacker bypasses this security barrier, they could gain unauthorized access to sensitive information stored on the device. This vulnerability is particularly concerning as it requires physical access to the device for exploitation, making it a form of cyber-physical attack.
Apple’s emergency updates aim to address this issue with improved state management in the affected systems. The company has not disclosed the specific nature of the attacks or the extent to which the vulnerability has been exploited, but reports indicate that the flaw may have been used in highly targeted and sophisticated attacks, particularly against specific individuals.
Affected Apple Devices
The vulnerability impacts a wide range of Apple products, including recent models of iPhones, iPads, and iPad Pro devices. The devices confirmed to be affected by CVE-2025-24200 include iPhone XS and later models, iPad Pro 13-inch (3rd generation and later), iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad mini (5th generation and later), iPad 7th generation and later, and iPad 6th generation.
Apple has strongly recommended that users with these devices update their software immediately to the latest version of iOS or iPadOS. The latest versions, iOS 18.3.1 and iPadOS 18.3.1, were both released on February 10, 2025. These updates specifically address CVE-2025-24200 and patch the security loophole in USB Restricted Mode.
For those who have devices affected by this vulnerability, Apple has provided an easy way to update to the latest software version. The updates can be installed by visiting Settings > General > Software Update on affected devices. Additionally, users are encouraged to enable automatic software updates by navigating to Settings > General > Software Updates > Enable Automatic Updates, ensuring that their devices are protected from future threats.
Conclusion
The CVE-2025-24200 zero-day vulnerability poses a serious security risk by allowing attackers to bypass USB Restricted Mode and access sensitive data on locked devices. Apple’s swift release of iOS 18.3.1 and iPadOS 18.3.1 addresses the issue, but the rapid exploitation of such vulnerabilities highlights the need for users to stay vigilant and update their devices promptly to protect against unauthorized access and potential attacks.
