Apple Issues Emergency Update to Address Critical iOS Zero-Day Vulnerability CVE-2025-24200
Apple Issues Urgent Security Update to Address Exploited Zero-Day Vulnerability
In a critical move to safeguard user data, Apple has released emergency updates for iOS and iPadOS to patch a serious security flaw, identified as CVE-2025-24200, that is currently being exploited in the wild. The updates, rolled out on February 10, 2025, come in response to alarming reports that attackers can bypass essential security measures on locked devices.
The vulnerability is linked to Apple’s USB Restricted Mode, designed to prevent unauthorized data access via USB connections. When activated, this feature blocks USB communication on devices that have not been unlocked within the last hour. However, the CVE-2025-24200 flaw allows attackers to disable this protective measure, potentially granting them access to sensitive information stored on locked iPhones and iPads.
Apple has classified this issue as an “authorization problem,” indicating that attackers could exploit it by manipulating the device’s state management system. This vulnerability is particularly concerning as it requires physical access to the device, making it a form of cyber-physical attack.
The affected devices span a wide range of models: the iPhone XS and later, various iPad Pro models, and the iPad Air (3rd generation and later). Apple strongly urges users to update their devices to the latest versions—iOS 18.3.1 and iPadOS 18.3.1—immediately to mitigate the risk of exploitation.
To update, users can navigate to Settings > General > Software Update. Apple also recommends enabling automatic updates to ensure ongoing protection against future threats. As cyber threats evolve, staying vigilant and proactive in software updates has never been more crucial for Apple users.