iOS/iPadOS: iOS/iPadOS USB Restricted Mode privilege escalation (CVE-2025-24200) #shorts

Summary

In a new report, Apple has addressed a significant zero-day vulnerability, identified as CVE-2025-24200, found in iOS and iPadOS. This flaw, actively exploited in highly targeted attacks, could disable USB Restricted Mode on locked devices. Apple released emergency updates to rectify this issue.

Product details

The vulnerability affects Apple iOS and iPadOS operating systems. Specifically, it impacts versions earlier than iOS 18.3 and iPadOS 17.7, with the issue being patched in iPadOS 17.7.5, iOS 18.3.1, and iPadOS 18.3.1 as per the latest updates.

Vulnerability type summary

CVE-2025-24200 involves an authorization issue that could lead to privilege escalation. It allows a physical attacker to potentially disable USB Restricted Mode on secure, locked devices, making it a sophisticated zero-day vulnerability.

Details of the vulnerability

The heart of CVE-2025-24200 lies in its ability to circumvent USB Restricted Mode—a crucial security feature designed to protect against unauthorized data access through USB connections. This flaw could permit attackers with physical access to compromise device security using privilege escalation techniques. The issue has been reported to have been exploited in highly sophisticated and targeted operations against certain individuals, which underscores its severity.

Conclusion

As an actively exploited zero-day vulnerability, CVE-2025-24200 poses a critical risk to users of affected iOS and iPadOS versions. To mitigate this risk, it is vital for users to immediately update their devices to the latest software versions, iPadOS 17.7.5 and iOS 18.3.1, as released by Apple. This will ensure that devices are protected from potential physical attacks aiming to disable USB Restricted Mode.

Watch the full video on YouTube: CVE-2025-24200

Remediation and exploitation details

This chain involves the following actors

This following systems are involved

Attack entry point

Remediation actions

Exploitation actions

Related Content

NOTE: The following related content has not been vetted and may be unsafe.

CVE database technical details

CVE ID
CVE-2025-24200
Description
An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Provider
apple
CWE / problem types
A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Affected Software Versions
Apple:iPadOS:[{'version': 'unspecified', 'status': 'affected', 'lessThan': '17.7', 'versionType': 'custom'}],Apple:iOS and iPadOS:[{'version': 'unspecified', 'status': 'affected', 'lessThan': '18.3', 'versionType': 'custom'}]
Date Published
2025-02-10T19:04:45.242Z
Last Updated
2025-03-20T14:31:13.832Z