Apple has released an emergency update to fix a zero-day security flaw. The company says attackers have used this flaw in highly sophisticated attacks. Users should update their devices immediately to stay safe.
Apple Releases Emergency Security Update for Zero-Day Vulnerability
As reported by Bleepingcomputer, the vulnerability, CVE-2025-24200, is an authorization issue. Attackers can exploit it to bypass USB Restricted Mode on locked devices. This mode blocks USB accessories from accessing data if the device is locked for over an hour.
Apple introduced USB Restricted Mode in iOS 11.4.1 to prevent data extraction tools like GrayKey and Cellebrite from accessing locked iPhones. In November 2023, Apple also launched inactivity reboot, which restarts idle iPhones to enhance security.
Which Devices Are Affected?
Apple has patched the vulnerability in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5. The following devices are affected:
- iPhone XS and later
- iPad Pro 13-inch, iPad Pro 12.9-inch (3rd gen and later), iPad Pro 11-inch (1st gen and later)
- iPad Air (3rd gen and later), iPad (7th gen and later), iPad mini (5th gen and later)
- iPad Pro 12.9-inch (2nd gen), iPad Pro 10.5-inch, iPad (6th gen)
Even though the attacks have been limited, Apple urges users to install the update immediately.
Citizen Lab’s Role in Finding the Threat
Security expert Bill Marczak from Citizen Lab discovered the flaw. Citizen Lab is known for identifying spyware threats. It has previously reported vulnerabilities used against journalists, politicians, and activists.
In September 2023, Citizen Lab exposed two other Apple zero-days (CVE-2023-41061 and CVE-2023-41064). These were part of BLASTPASS, a zero click exploit chain that installed NSO Group’s Pegasus spyware on fully updated iPhones.
Apple’s Fight Against Zero-Day Attacks
Apple regularly fixes security flaws used in real world attacks. In 2024, Apple has patched six exploited zero-day vulnerabilities:
- One in January
- Two in March
- One in May
- Two in November
In 2023, Apple patched 20 zero-day vulnerabilities, including:
- November: CVE-2023-42916, CVE-2023-42917
- October: CVE-2023-42824, CVE-2023-5217
- September: CVE-2023-41061, CVE-2023-41064, CVE-2023-41991, CVE-2023-41992, CVE-2023-41993
- July: CVE-2023-37450, CVE-2023-38606
- June: CVE-2023-32434, CVE-2023-32435, CVE-2023-32439
- May: CVE-2023-32409, CVE-2023-28204, CVE-2023-32373
- April: CVE-2023-28206, CVE-2023-28205
- February: CVE-2023-23529 (WebKit zero-day)
These updates show Apple’s commitment to fighting security threats.
Why You Should Update Now
The CVE-2025-24200 vulnerability has been used in real attacks. Delaying the update could expose users to ongoing threats. Apple has not shared details about the attackers, but similar past attacks have involved state sponsored hackers.
To stay safe, follow these steps:
- Update your device in Settings > General > Software Update.
- Enable automatic updates to get future security fixes quickly.
- Stay informed by following Apple’s security alerts and cybersecurity news.
Final Thoughts
Apple’s emergency update highlights the growing risk of cyberattacks. Hackers are always finding new ways to break into devices. Installing security updates is the best way to protect personal data and privacy. Whether you’re a casual user or a high risk individual, staying up to date is essential.
