Apple has released critical security updates to fix a zero-day vulnerability that allowed attackers to bypass security features on locked iPhones and iPads. The flaw, identified as CVE-2025-24200, enabled malicious actors to disable the USB Restricted Mode protection on locked devices.
The vulnerability was uncovered by researcher Bill Marczak from The Citizen Lab at the University of Toronto's Munk School. According to Apple, the security flaw has been exploited in targeted attacks using sophisticated methods, though specific details about the threat actors remain undisclosed.
USB Restricted Mode serves as a key security feature that blocks unauthorized USB accessories from connecting to locked Apple devices. This protection helps prevent both law enforcement tools and malicious software from extracting sensitive data. The newly discovered flaw created a path for bypassing this safeguard through an authorization weakness.
The security update covers a wide range of devices, including:
- iPhone XS and newer models
- Recent iPad Pro generations
- iPad Air 3rd generation and up
- iPad 6th generation and later versions
- iPad mini 5th generation and beyond
Apple has rolled out patches through iOS 18.3.1 and iPadOS 18.3.1 for current devices, while older iPad models receive the fix via iPadOS 17.7.5.
This marks Apple's second zero-day patch of 2025, following last month's fix for a CoreMedia vulnerability that allowed privilege escalation on older iOS versions.
Users should immediately update their devices by navigating to Settings > General > Software Update. Additional security recommendations include:
- Turning off USB Accessories in Face ID & Passcode settings
- Using strong device passcodes
- Maintaining physical device security
- Avoiding unauthorized forensic tools
The swift response from Apple highlights the company's commitment to addressing security threats, particularly those actively exploited in the wild.