Home News New iOS Update Resolves USB Exploit Linked to Targeted Attacks
News

New iOS Update Resolves USB Exploit Linked to Targeted Attacks

280

Apple has announced a critical security update for iPhones and iPads in response to a severe vulnerability affecting the USB Restricted Mode, tracked as CVE-2025-24200. This flaw has reportedly been exploited in targeted attacks. Users are urged to update their devices immediately.

The USB Restricted Mode was introduced in 2018 to enhance security by disabling the Lightning or USB ports if the device remains locked for over an hour. These ports are usually reactivated when the user unlocks their device. However, the recent vulnerability has compromised this feature, allowing an attacker with physical access to a locked device to bypass the protection, potentially leading to unauthorized data access.

Apple stated, “A physical attack may disable USB Restricted Mode on a locked device.” The company is aware of reports that this issue has been exploited in what it describes as “extremely sophisticated” attacks targeting specific individuals.

The National Institute of Standards and Technology (NIST) has characterized this vulnerability as an “authorization issue” that has been addressed through improved state management.

To mitigate this risk, Apple has released security patches in iOS 18.3.1 and iPadOS 18.3.1, along with iPadOS 17.7.5, which are now available for various devices, including iPhone XS and later models, and several iPad variants.

This vulnerability was identified by Bill Marczak, a senior researcher at Citizen Lab. While details about the specific attack methods remain undisclosed, the discovery suggests a possible link to advanced surveillance tactics, potentially involving nation-state actors.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

NewsSecurity

Telegram’s t.me Domain Goes Offline Worldwide After Registry Imposes ServerHold

Telegram’s t.me Links Go Offline After Domain Registry Places Hold on Address...

NewsSecurity

Critical U-Boot Flaws Could Let Hackers Install Stealthy Firmware Malware

New U-Boot Bootloader Flaws Could Enable Stealthy Firmware-Level Attacks Security researchers have...

NewsSecurity

Exposed Hacker Server Reveals Massive Campaign Compromising 25,000 WordPress Websites

Exposed Server Reveals 25,000 Hacked WordPress Websites in Large Cybercrime Campaign A...

NewsSecurity

Hidden Tenda Router Backdoor Gives Hackers Full Administrator Access

Hidden Backdoor in Tenda Router Firmware Allows Attackers to Gain Admin Access...