Detections
Analytics
CVE-2025-24200
medium
Description
An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
References
https://thehackernews.com/2025/04/apple-patches-two-actively-exploited.html
https://www.securityweek.com/apple-patches-recent-zero-days-in-older-iphones/
https://thehackernews.com/2025/04/apple-backports-critical-fixes-for-3.html
https://cyberscoop.com/apple-security-update-march-2025/
https://support.apple.com/en-us/122346
https://support.apple.com/en-us/122345
https://www.darkreading.com/mobile-security/apple-drops-another-webkit-zero-day-bug
https://thehackernews.com/2025/03/apple-releases-patch-for-webkit-zero.html
https://hackread.com/apple-extremely-sophisticated-exploit-ios-security/
https://www.darkreading.com/endpoint-security/apple-releases-urgent-patch-usb-vulnerability
https://thehackernews.com/2025/02/apple-patches-actively-exploited-ios.html
https://support.apple.com/en-us/122174
https://support.apple.com/en-us/122173