Apple said it had been exploited in the wild by a security flaw in iOS and iphone on Monday when it released out-of-band security updates.
The risk, which has been assigned the CVE identification CVE-2025-24200, has been described as an approval flaw that may allow a destructive artist to turn off USB Restricted Mode on a secured system during a cyberphysical attack.
This suggests that the intruders need to gain real exposure to the system to utilize the weakness. An Apple iphone or iPadOS system that hasn’t been unlocked and connected an item within the previous hour is unable to communicate with a connected accessory thanks to iOS 11.4.1’s USB Restricted Mode.
The feature is seen as an attempt to stop law enforcement agencies from gaining unauthorized access to a sequestered system and extracting sensitive data using online forensic tools like or , which are primarily used by law enforcement agencies.
No additional information about the protection flaw are now available in line with recommendations of this kind. The iPhone’s manufacturer claimed that improved condition administration had solved the vulnerability.
Apple did, however, acknowledge that it is aware of a report suggesting that this issue might have been used to launch a highly advanced attack against specific qualified individuals.
The Citizen Lab researcher at The University of Toronto’s Munk School, Bill Marczak, is credited with finding and reporting the weakness.
The upgrade is accessible for the following hardware and software:
- iOS 18.3.1 and iPadOS 18.3.1- iPhone XS and afterwards, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and afterwards, iPad Pro 11-inch 1st generation and afterwards, iPad Air 3rd generation and afterwards, iPad 7th generation and afterwards, and iPad mini 5th generation and later
- iphone 17.7.5- iPad Pro 12.9-inch 2nd generation, touchscreen Pro 10.5-inch, and mobile 6th era
The development comes a few weeks after Cupertino fixed a use-after-free bug in the Core Media component ( CVE-2025-24085 ), which was discovered to have been exploited against iOS versions prior to iOS 17.2.
Professional surveillanceware vendors have used zero-day exploits to create powerful programs that can remove data from sufferer devices in Apple software.
While these instruments, such as NSO Group’s , are marketed as “technology that saves lives” and overcome serious legal action as a way to get around the so-called” Going Black” problem, they have also been misused to spy on people of the civil society.
NSO Group, for its part, has reiterated that Pegasus is not a mass surveillance tool and that it’s licensed to “legitimate, vetted intelligence and law enforcement agencies”.
In its , the Israeli company said it serves 54 customers in 31 countries, of which 23 are intelligence agencies and another 23 are law enforcement agencies.