Apple Issues Emergency iOS and iPadOS Security Updates to Patch Exploited Vulnerability
Apple has released an out-of-band security update to patch a newly discovered vulnerability in iOS and iPadOS


Overview of the Security Flaw
Apple has released an out-of-band security update for iOS and iPadOS to patch a vulnerability that, according to Apple, may have been exploited in the wild. The flaw, tracked as CVE-2025-24200, is classified as an authorization issue that could allow an attacker with physical access to disable USB Restricted Mode on a locked device.
Because the bug is reachable only with the device in hand, it is a physical-access attack rather than a remote one: an attacker who obtains a locked iPhone or iPad could use it to bypass the control that is meant to stop data extraction over the Lightning or USB-C port.
Understanding USB Restricted Mode
USB Restricted Mode was introduced in iOS 11.4.1 as a security measure that blocks data connections over the USB port once an iPhone or iPad has been locked for more than an hour; the port still charges, but accessories cannot exchange data until the device is unlocked. The feature is designed to prevent unauthorized access and data extraction, particularly by forensic tools such as Cellebrite and GrayKey, which are commonly used by law enforcement and government agencies. Users can confirm it is active by checking that the "Accessories" option under Settings > Face ID & Passcode (or Touch ID & Passcode), in the "Allow Access When Locked" section, is turned off.
By exploiting CVE-2025-24200, an attacker with physical access may be able to disable USB Restricted Mode on a locked device, potentially enabling the extraction of sensitive data from it without the passcode.
Devices and Operating Systems Affected
Apple has addressed this security flaw with improved state management, releasing patches for multiple devices and operating system versions. The update is available for:
iOS 18.3.1 and iPadOS 18.3.1:
  iPhone XS and later
  iPad Pro 13-inch
  iPad Pro 12.9-inch (3rd generation and later)
  iPad Pro 11-inch (1st generation and later)
  iPad Air (3rd generation and later)
  iPad (7th generation and later)
  iPad mini (5th generation and later)
iPadOS 17.7.5:
  iPad Pro 12.9-inch (2nd generation)
  iPad Pro 10.5-inch
  iPad (6th generation)
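The version list above has a wrinkle that matters when checking a fleet: only the three older iPads received a fix on the iPadOS 17 line (17.7.5), so any other supported device still running 17.x has no patched 17.x build and must move to 18.3.1. The following script, an added example that is not Apple's or Cyber Syrup's code, applies that rule to an MDM-style inventory. The inventory rows, device names, and the Device/triage helpers are constructed for illustration; the fixed versions and the device-to-branch mapping are taken from the release list above.

```python
"""Triage an inventory export for CVE-2025-24200 patch status (added example).

Assumes each inventory row carries the device's marketing name and the OS
version it reports, as an MDM export typically does. Sample rows below are
constructed, not real devices.
"""
from dataclasses import dataclass

# Fixed builds from Apple's release list for CVE-2025-24200.
FIXED_IOS_IPADOS_18 = (18, 3, 1)
FIXED_IPADOS_17 = (17, 7, 5)

# Only these three iPads got the fix on the 17 line (iPadOS 17.7.5).
# Everything else must be on 18.3.1 or later; a newer device still on 17.x
# has no patched 17.x build at all and must be moved to the 18 line.
IPADOS_17_ONLY_MODELS = {
    "iPad Pro 12.9-inch (2nd generation)",
    "iPad Pro 10.5-inch",
    "iPad (6th generation)",
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '18.3' or '18.3.1' into a comparable (major, minor, patch) tuple.

    String comparison would get this wrong ('18.3' > '18.3.1' is False only
    by luck of prefixing, and '18.10' < '18.3' as strings), so compare ints.
    """
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def fixed_version_for(model: str) -> tuple[int, int, int]:
    """Return the minimum patched build for this model."""
    if model in IPADOS_17_ONLY_MODELS:
        return FIXED_IPADOS_17
    return FIXED_IOS_IPADOS_18


@dataclass
class Device:
    name: str        # hypothetical asset name from the inventory
    model: str       # Apple marketing name, as in the release list
    os_version: str  # version string reported by the device


def is_patched(device: Device) -> bool:
    """True if the device reports a build at or above its fixed version."""
    return parse_version(device.os_version) >= fixed_version_for(device.model)


def triage(inventory: list[Device]) -> dict[str, list[str]]:
    """Split an inventory into patched and vulnerable device names."""
    result: dict[str, list[str]] = {"patched": [], "vulnerable": []}
    for device in inventory:
        bucket = "patched" if is_patched(device) else "vulnerable"
        result[bucket].append(device.name)
    return result


# Constructed sample inventory covering the cases that trip up naive checks.
SAMPLE_INVENTORY = [
    Device("ceo-iphone", "iPhone 15 Pro", "18.3.1"),                       # patched
    Device("legal-ipad", "iPad Pro 10.5-inch", "17.7.5"),                  # patched on 17 line
    Device("field-ipad", "iPad (7th generation)", "17.7.2"),               # can run 18.x, still on 17: vulnerable
    Device("exec-iphone", "iPhone XS", "18.3"),                            # one release behind: vulnerable
    Device("lab-ipad", "iPad Pro 12.9-inch (2nd generation)", "17.7.2"),   # below 17.7.5: vulnerable
]

if __name__ == "__main__":
    for status, names in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(names) or '-'}")
```

Feed it the model and version columns of a real export and the "vulnerable" bucket is the follow-up list; the comparison is "at or above the fixed build", so later releases keep passing without the thresholds needing to change.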
Discovery and Reporting
The vulnerability was discovered by Bill Marczak, a security researcher at The Citizen Lab at the University of Toronto's Munk School. Apple credited Marczak with reporting the issue and stated that it was aware of a report that the flaw may have been exploited in an extremely sophisticated attack against specific targeted individuals.
This follows a pattern of vulnerabilities being exploited against high-profile individuals, such as journalists, activists, and political dissidents, often using sophisticated spyware tools.
Previous Zero-Day Exploits in Apple Devices
This update comes just weeks after Apple patched another actively exploited zero-day, CVE-2025-24085, a use-after-free vulnerability in the CoreMedia component, in iOS 18.3. Apple said that flaw may have been exploited against versions of iOS before iOS 17.2.
Zero-day vulnerabilities targeting Apple devices have frequently been leveraged by commercial spyware vendors to deploy highly advanced surveillance tools. These exploits are often used to remotely compromise Apple devices, allowing attackers to extract sensitive data and monitor victims without their knowledge.
Commercial Spyware and Its Implications
Many of these zero-day exploits have been linked to commercial surveillanceware vendors, such as the NSO Group, which develops the Pegasus spyware. While these tools are marketed for law enforcement and counterterrorism operations, they have also been misused to target journalists, human rights activists, and political figures.
NSO Group has repeatedly claimed that Pegasus is not a mass surveillance tool and that its software is sold only to legitimate, vetted intelligence and law enforcement agencies. However, reports have consistently shown that authoritarian governments have misused these tools to spy on dissidents and members of civil society.
In its 2024 Transparency Report, NSO Group revealed that it currently serves 54 customers in 31 countries, with:
23 intelligence agencies
23 law enforcement agencies
Despite these claims, researchers continue to uncover abuses of spyware tools, raising concerns about how such technology is used globally.
Conclusion: Why This Update Matters
Apple’s rapid response to CVE-2025-24200 highlights the growing threat of physical-access attacks, where vulnerabilities are exploited not remotely but by someone holding the device. This latest patch serves as a crucial reminder for iPhone and iPad users to keep their devices updated to protect against unauthorized access and potential data extraction.
With state-sponsored cyberattacks and commercial spyware operations on the rise, security researchers emphasize the importance of staying vigilant and ensuring that devices are always running the latest security patches. Apple users are strongly encouraged to update their devices immediately to mitigate the risks associated with this vulnerability.