Apple has swiftly addressed a zero-day vulnerability, CVE-2025-24200, in its iOS and iPadOS platforms, which was actively exploited in the wild. The flaw, characterized by an authorization issue, was patched in an emergency update released on February 10, 2025. The vulnerability, which affects iOS versions up to 18.3.1 and iPadOS versions up to 18.3.1, allows a physical attacker to disable USB Restricted Mode on a locked device, potentially exposing sensitive data.
The vulnerability has a CVSS score of 6.1, indicating a medium severity, but its exploitation in the wild and its inclusion in the Known Exploited Vulnerabilities (KEV) catalog underscore its significance. The Exploit Prediction Scoring System (EPSS) rates it at 0.473, reflecting a moderate likelihood of exploitation. The Security Severity Vulnerability Classification (SSVC) categorizes it as "attend," suggesting that immediate attention is warranted.
The flaw was exploited within just 1.2 days of its disclosure, highlighting the rapid pace at which attackers moved to leverage this weakness. This quick turnaround from disclosure to exploitation emphasizes the need for organizations and individuals to apply patches promptly to mitigate potential risks.
Apple's emergency update, which addresses this vulnerability, is available for iOS 15.8.4, iPadOS 15.8.4, iOS 16.7.11, iPadOS 16.7.11, iOS 18.3.1, and iPadOS 18.3.1. Users are strongly advised to update their devices to these versions to protect against potential exploitation. The update improves state management to resolve the authorization issue, thereby preventing unauthorized access via USB connections on locked devices.
For security teams, the immediate focus should be on ensuring that all Apple devices within their networks are updated to the latest versions. Additionally, monitoring for any signs of exploitation attempts, particularly those targeting USB Restricted Mode, is crucial. Given the vulnerability's exploitation in sophisticated attacks, organizations should also review their physical security protocols to mitigate risks associated with physical access to devices.
As attackers continue to exploit vulnerabilities at an alarming speed, the importance of timely patch management cannot be overstated. Apple's swift response to CVE-2025-24200 serves as a reminder of the dynamic threat landscape and the critical role of proactive security measures in safeguarding digital assets.
CSURFACE