Apple fixes zero-day exploited in “extremely sophisticated” attacks

Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and “extremely sophisticated” attacks.

“A physical attack can deactivate USB Restricted Mode on a locked device,” the company revealed in an advisory for iPhone and iPad users.

“Apple is aware that this problem may have been exploited against certain targeted people in an extremely sophisticated attack.”

USB Restricted Mode is a security feature (introduced almost seven years ago in iOS 11.4.1) that blocks USB accessories from creating a data connection if the device has been locked for over an hour. This feature blocks forensic software such as Graykey and Cellebrite (often used by law enforcement agencies) from extracting data from locked iOS devices.

In November, Apple introduced another security feature (called “inactivity restart”), which automatically restarts iPhones after long idle times in order to re-encrypt data and make it more difficult to extract with forensic software.

The zero-day vulnerability (tracked as CVE-2025-24200 and reported by Bill Marczak) is an authorization issue addressed in iOS 18.3.1, iPadOS 18.3.1 and iPadOS 17.7.5 with improved state management.

USB Restricted Mode bypass

The list of devices this zero-day affects includes:

  • iPhone XS and later,
  • iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation

Although this vulnerability was only exploited in targeted attacks, it is highly recommended to install today’s security updates immediately in order to block potential ongoing attack attempts.

While Apple has yet to provide more information about exploitation in the wild, Citizen Lab security researchers have often disclosed zero-days that were used in targeted spyware attacks against high-risk individuals such as journalists, opposition politicians and dissidents.

Citizen Lab has disclosed two other zero-days (CVE-2023-41061 and CVE-2023-41064) that were used to infect iPhones with NSO Group’s Pegasus commercial spyware.

Last month, Apple fixed this year’s first zero-day vulnerability (CVE-2025-24085), which was exploited in attacks against iPhone users.

In 2024, the company patched six actively exploited zero-days: the first in January, two in March, a fourth in May and two more in November.

A year earlier, in 2023, Apple patched 20 zero-day flaws exploited in the wild, including:
