
Apple rushes to patch iOS exploit that lets hackers bypass lock screen

Apple confirmed it is aware of reports stating that this vulnerability may have been exploited in highly sophisticated attacks against specific targeted individuals

by Kerem Gülen
February 11, 2025
in News, Cybersecurity

Apple released emergency security updates on Monday to fix a vulnerability in iOS and iPadOS, identified as CVE-2025-24200, which has been actively exploited in the wild. The flaw is an authorization issue that could allow an attacker with physical access to disable USB Restricted Mode on a locked device as part of a cyber-physical attack.

Apple releases emergency updates to fix iOS vulnerability

USB Restricted Mode, introduced in iOS 11.4.1, prevents iOS and iPadOS devices from communicating with accessories when they have not been unlocked and connected within the previous hour. This feature aims to protect devices from unauthorized access by digital forensics tools often used by law enforcement, such as Cellebrite and GrayKey.

Apple confirmed it is aware of reports stating that this vulnerability may have been exploited in highly sophisticated attacks against specific targeted individuals. The flaw has been addressed with improved state management according to Apple’s advisory, although further technical details remain undisclosed.


Bill Marczak, a security researcher from The Citizen Lab at the University of Toronto, discovered and reported the vulnerability. The updated software is available for the following devices:

  • iOS 18.3.1 and iPadOS 18.3.1: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
  • iPadOS 17.7.5: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation.
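The release list above can be turned into a fleet check. The following is an added example, not code from Apple or from the article: it flags devices still below the release that fixes CVE-2025-24200. The inventory format, the model-name strings, the sample serials, and the choice to require 18.3.1 for any model not on the 17.7.5 list are assumptions.

```python
from typing import NamedTuple

# Models the article lists for iPadOS 17.7.5; every other listed model takes 18.3.1.
LEGACY_17_MODELS = {
    "iPad Pro 12.9-inch 2nd generation",
    "iPad Pro 10.5-inch",
    "iPad 6th generation",
}
FIXED_LEGACY = (17, 7, 5)
FIXED_CURRENT = (18, 3, 1)


class Device(NamedTuple):
    serial: str       # constructed placeholder serials
    model: str        # assumed to match the article's model wording
    os_version: str


def parse_version(text: str) -> tuple:
    """'18.3' -> (18, 3, 0), so that 18.3 compares below 18.3.1."""
    parts = [int(p) for p in text.split()[0].split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def required_version(model: str) -> tuple:
    """Minimum fixed release for a model, per the list in the article."""
    return FIXED_LEGACY if model in LEGACY_17_MODELS else FIXED_CURRENT


def unpatched(devices):
    """Return serials of devices below the release that fixes CVE-2025-24200."""
    return [d.serial for d in devices
            if parse_version(d.os_version) < required_version(d.model)]


# Constructed sample inventory (hypothetical MDM export rows).
INVENTORY = [
    Device("SAMPLE-0001", "iPhone XS", "18.3"),
    Device("SAMPLE-0002", "iPhone 15", "18.3.1"),
    Device("SAMPLE-0003", "iPad 6th generation", "17.7.4"),
    Device("SAMPLE-0004", "iPad Pro 10.5-inch", "17.7.5"),
    Device("SAMPLE-0005", "iPad mini 5th generation", "18.2"),
]

if __name__ == "__main__":
    for serial in unpatched(INVENTORY):
        print(f"{serial}: below fixed release, update required")
```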

This release follows a recent fix for a different security flaw—CVE-2025-24085, a use-after-free bug in the Core Media component—previously identified as exploited in earlier iOS versions. Moreover, zero-day vulnerabilities in Apple software are frequently deployed by surveillance vendors to extract data from compromised devices.

Commercially marketed tools, like NSO Group’s Pegasus, claim utility for law enforcement while also facing scrutiny for invasive practices. NSO Group has maintained that Pegasus is not designed for mass surveillance and is exclusively licensed to vetted agencies.

USB Restricted Mode has been crucial in minimizing risks associated with physical attacks through device ports. If a device is locked for over an hour, Apple disables its Lightning or USB ports to thwart potential breaches from connected accessories.

The National Institute of Standards and Technology characterizes the newly patched vulnerability as an authorization issue that required state management improvements. Apple pointed out that a physical attack could potentially disable USB Restricted Mode on locked devices and has acknowledged concerns regarding its exploitation in targeted attacks.

Marczak specifically emphasized the critical nature of this update, urging users to upgrade to iOS 18.3.1 to safeguard against these vulnerabilities. Users can find the update through their device settings under Software Update.

Apple has not issued updates for devices that are not affected by the flaw and run older iOS versions, as the company continues to prioritize more recent operating systems, which reinforces the importance of timely updates.


Featured image credit: William Hook/Unsplash
