Zero-Day Exploited in iOS, iPadOS: A Chronic Risk for Security and Privacy
By Ravie Lakshmanan, February 11, 2025
Apple has released out-of-band security updates to address a security flaw in iOS and iPadOS that it says has been exploited in the wild. The vulnerability, tracked as CVE-2025-24200, is described as an authorization issue that could allow a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber-physical attack.
USB Restricted Mode was introduced in iOS 11.4.1 and is designed to prevent an iOS or iPadOS device from communicating with a connected accessory if the device has not been unlocked and connected to an accessory within the past hour. This means that a malicious actor would need physical access to the device to exploit the flaw. The update that addresses the vulnerability is available in iOS 18.3.1 and iPadOS 18.3.1 for various iPhone and iPad models.
The development comes weeks after Apple resolved another security flaw, a use-after-free bug in the Core Media component (CVE-2025-24085), that it revealed as having been exploited against versions of iOS before iOS 17.2.
Zero-days in Apple software have been primarily weaponized by commercial surveillanceware vendors to deploy sophisticated programs that can extract data from victim devices.
A report released by NSO Group highlights that its Pegasus spyware, often used for commercial surveillance, is licensed to "legitimate, vetted intelligence and law enforcement agencies." The Israeli company stated that it serves 54 customers in 31 countries, with 23 being intelligence agencies and another 23 being law enforcement agencies.
In its transparency report for 2024, NSO Group emphasized that its spyware is not a mass surveillance tool.
The security flaw highlights the ongoing concerns about the exploitation of vulnerabilities in software and the potential misuse of powerful tools designed to combat cybercrime.
Affected Devices:
- iOS 18.3.1 and iPadOS 18.3.1
  - iPhone XS and later
  - iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later
  - iPad Pro 11-inch 1st generation and later
  - iPad Air 3rd generation and later
  - iPad 7th generation and later
  - iPad mini 5th generation and later
- iPadOS 17.7.5
  - iPad Pro 12.9-inch 2nd generation
  - iPad Pro 10.5-inch
  - iPad 6th generation