CyberSecurity news
@Full Disclosure - 18d
Apple has released security updates, iOS 18.3.1 and iPadOS 18.3.1, to address a vulnerability in USB Restricted Mode. The company warns that this flaw "may have been exploited in an extremely sophisticated attack against specific targeted individuals." This unusually strong language from Apple suggests the seriousness of the threat, as they typically use more reserved terms when describing exploited vulnerabilities. Security researcher Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School reported the flaw.
The vulnerability, identified as CVE-2025-24200, allows a physical attack to disable USB Restricted Mode on a locked device. USB Restricted Mode is a security feature introduced in iOS 11.4.1 that prevents USB accessories from accessing a device's data if it hasn't been unlocked for an hour. The new updates patch this flaw, preventing attackers from turning off the security feature. Users are advised to update their devices to iOS 18.3.1, iPadOS 18.3.1 or iPadOS 17.7.5 to mitigate the risk.
References:
- The Register - Security: Apple patch addresses the 'extremely sophisticated attack'.
- www.engadget.com: Information about Apple patching a vulnerability allowing for 'extremely sophisticated attack'.
Classification:
- HashTags: #Apple #Vulnerability #iOS
- Company: Apple
- Target: iPhones and iPads
- Product: iOS, iPadOS
- Feature: USB Restricted Mode
- CVE: CVE-2025-24200
- Type: Vulnerability
- Severity: Critical