Apple has issued emergency security updates to address a critical zero-day vulnerability, CVE-2025-24200, which has been exploited in targeted and “extremely sophisticated” attacks. This vulnerability affects iPhone and iPad users, posing significant risks to user security. Review the details of this Cybersecurity Threat Advisory to learn how to mitigate your risk.
What is the threat?
CVE-2025-24200 is an authorization issue that allows a threat actor to disable USB Restricted Mode on a locked iOS device. Apple introduced this security feature in iOS 11.4.1 nearly seven years ago. It prevents USB accessories from establishing a data connection if the device remains locked for over an hour.
The purpose of USB Restricted Mode is to prevent forensic software from extracting data from locked iOS devices. Exploiting this vulnerability could facilitate cyber-physical attacks, enabling attackers to bypass security measures and extract sensitive information from the device.
Why is this noteworthy?
This vulnerability is particularly concerning as it has been linked to sophisticated attacks targeting specific individuals, highlighting the potential for misuse by cybercriminals. The release of this advisory closely follows another critical vulnerability (CVE-2025-24085) that was also actively exploited, underscoring the ongoing risks associated with Apple’s ecosystem.
What is the exposure or risk?
Users who leave CVE-2025-24200 unpatched can expose themselves to significant risks, especially if they are targeted by advanced persistent threats (APTs) or surveillance operations. Disabling USB Restricted Mode can enable attackers to use digital forensics tools to extract sensitive data from locked devices, compromising user privacy and security.
The vulnerability affects many devices, including the iPhone XS and later, various iPad Pro models, and other recent iPad generations. While Apple has not provided detailed information about the exploitation, security researchers have disclosed the zero-day vulnerabilities used in targeted spyware attacks against high-risk individuals, such as journalists, opposition politicians, and dissidents.
What are the recommendations?
To mitigate the risks associated with this vulnerability, Barracuda recommends the following actions:
- Update devices running iOS 18.3.1 and iPadOS 18.3.1, as well as iPadOS 17.7.5, to the latest software versions released by Apple to block potentially ongoing attack attempts.
- Configure devices to automatically download and install security updates to reduce exposure to future vulnerabilities.
- Be vigilant about physical access to devices, especially for high-risk individuals or in sensitive environments.
- Enforce policies that limit physical access to devices and ensure that only trusted personnel can handle sensitive devices.
References:
For more in-depth information about the recommendations, please visit the following links:
- https://thehackernews.com/2025/02/apple-patches-actively-exploited-ios.html
- https://www.infosecurity-magazine.com/news/apple-update-extremely/
- https://www.bleepingcomputer.com/news/apple/apple-fixes-zero-day-exploited-in-extremely-sophisticated-attacks/
- https://nvd.nist.gov/vuln/detail/CVE-2025-24200
If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.