
Apple rushes to patch iOS exploit that lets hackers bypass lock screen

Apple confirmed it is aware of reports stating that this vulnerability may have been exploited in highly sophisticated attacks against specific targeted individuals

by Kerem Gülen
February 11, 2025
in News, Cybersecurity

Apple released emergency security updates on Monday to fix a vulnerability in iOS and iPadOS, identified as CVE-2025-24200, which has been actively exploited in the wild. The flaw is an authorization issue that could allow attackers with physical access to disable USB Restricted Mode on locked devices as part of a cyber-physical attack.

Apple releases emergency updates to fix iOS vulnerability

USB Restricted Mode, introduced in iOS 11.4.1, prevents iOS and iPadOS devices from communicating with accessories when they have not been unlocked and connected within the previous hour. This feature aims to protect devices from unauthorized access by digital forensics tools often used by law enforcement, such as Cellebrite and GrayKey.

Apple confirmed it is aware of reports stating that this vulnerability may have been exploited in highly sophisticated attacks against specific targeted individuals. According to Apple’s advisory, the flaw has been addressed with improved state management, although further technical details remain undisclosed.

Bill Marczak, a security researcher from The Citizen Lab at the University of Toronto, discovered and reported the vulnerability. The updated software is available for the following devices:

  • iOS 18.3.1 and iPadOS 18.3.1: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
  • iPadOS 17.7.5: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation.

This release follows a recent fix for a different security flaw—CVE-2025-24085, a use-after-free bug in the Core Media component—previously identified as exploited in earlier iOS versions. Moreover, zero-day vulnerabilities in Apple software are frequently deployed by surveillance vendors to extract data from compromised devices.

Commercially marketed tools, like NSO Group’s Pegasus, claim utility for law enforcement while also facing scrutiny for invasive practices. NSO Group has maintained that Pegasus is not designed for mass surveillance and is exclusively licensed to vetted agencies.

USB Restricted Mode has been crucial in minimizing risks associated with physical attacks through device ports. If a device is locked for over an hour, Apple disables its Lightning or USB ports to thwart potential breaches from connected accessories.

The National Institute of Standards and Technology characterizes the newly patched vulnerability as an authorization issue that required state management improvements. Apple pointed out that a physical attack could potentially disable USB Restricted Mode on locked devices and has acknowledged concerns regarding its exploitation in targeted attacks.

Marczak specifically emphasized the critical nature of this update, urging users to upgrade to iOS 18.3.1 to safeguard against these vulnerabilities. Users can find the update through their device settings under Software Update.

For devices not affected by the flaw and running older iOS versions, Apple has not issued updates, as the company continues to prioritize more recent operating systems, reinforcing the importance of timely updates in combating digital threats.


Featured image credit: William Hook/Unsplash

Tags: Apple, Cybersecurity, iOS
