An emergency security update for iOS and iPadOS was released on Monday by Apple to patch a vulnerability that has already been exploited in the wild. Tracked as CVE-2025-24200, the flaw is classified as an authorization issue that could allow an attacker with physical access to a locked device to disable USB Restricted Mode. That feature, introduced in iOS 11.4.1, was designed to prevent unauthorized access to device data by blocking USB data connections from an accessory to an iOS or iPadOS device that has not been unlocked within the past hour. Disabling USB Restricted Mode could allow forensic tools used by law enforcement, such as Cellebrite and GrayKey, to gain unauthorized access to a seized device and extract sensitive data, defeating the purpose for which the feature was introduced in the first place.
Apple has acknowledged that the vulnerability has been used in highly sophisticated, targeted attacks but provided minimal technical details, describing the fix only as “improved state management”. Discovery and reporting of the flaw are credited to security researcher Bill Marczak of The Citizen Lab.
The updates, iOS/iPadOS 18.3.1 and iPadOS 17.7.5 (for older devices), are available for the following iPhones and iPads:
• iPadOS 17.7.5 – iPad 6th generation, iPad Pro 10.5-inch and iPad Pro 12.9-inch 2nd generation
• iOS 18.3.1 and iPadOS 18.3.1 – iPhone XS and later, iPad mini 5th generation and later, iPad 7th generation and later, iPad Pro 11-inch 1st generation and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 13-inch, and iPad Air 3rd generation and later
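For fleet triage, the fixed builds above translate into a simple per-branch rule: a device on 18.x is exposed below 18.3.1, a device on the 17.x branch is exposed below 17.7.5. The following is an added example (not code from the article or from Apple) that classifies a device inventory against those thresholds; it assumes a `{device_name: version}` mapping as input, treats any branch older than 17.x as receiving no fix in this advisory, and assumes releases newer than 18.x include the fix.

```python
# Added example: classify iOS/iPadOS devices against the CVE-2025-24200 fixed
# builds from Apple's advisory (iOS/iPadOS 18.3.1, iPadOS 17.7.5).
# Assumptions (not stated in the article): branches older than 17.x get no
# fix here and are reported as "unsupported"; majors above 18 carry the fix.
from typing import Dict, List, Tuple

FIXED_VERSIONS = {18: (18, 3, 1), 17: (17, 7, 5)}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '18.3.1' or '17.7' into a comparable 3-tuple (missing parts = 0)."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3 or any(p < 0 for p in parts):
        raise ValueError(f"unexpected version string: {text!r}")
    padded = parts + [0] * (3 - len(parts))
    return padded[0], padded[1], padded[2]


def patch_status(version: str) -> str:
    """Return 'patched', 'vulnerable' or 'unsupported' for CVE-2025-24200."""
    v = parse_version(version)
    major = v[0]
    if major > 18:
        return "patched"  # assumption: later major releases include the fix
    fixed = FIXED_VERSIONS.get(major)
    if fixed is None:
        return "unsupported"  # no build for this branch in this advisory
    # Tuple comparison handles 18.3 (-> 18.3.0) vs 18.3.1 correctly.
    return "patched" if v >= fixed else "vulnerable"


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group a {device_name: version} inventory by patch status."""
    report: Dict[str, List[str]] = {"patched": [], "vulnerable": [], "unsupported": []}
    for name, version in inventory.items():
        report[patch_status(version)].append(name)
    return report


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = {
        "ipad-pro-12.9-gen2": "17.7.4",
        "iphone-15": "18.3.1",
        "ipad-6": "17.7.5",
        "iphone-xs": "18.3",
        "old-ipad": "16.7.10",
    }
    for status, names in triage(sample).items():
        print(f"{status}: {', '.join(names) or '-'}")
```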
This patch comes shortly after Apple addressed another exploited vulnerability, CVE-2025-24085, a use-after-free bug in Core Media that was being exploited against versions prior to iOS 17.2.
Zero-day vulnerabilities in Apple products are often exploited by developers of surveillance software. While these tools are marketed for legitimate law enforcement use, they are suspected of also having been misused to target members of civil society. NSO Group’s Pegasus is one such example: the group claims Pegasus is sold only to vetted agencies and is not a mass surveillance tool, stating in its 2024 transparency report that it serves 54 clients across 31 countries, primarily intelligence and law enforcement agencies.