Apple 0-Day Vulnerability Exploited in “Extremely Sophisticated” Attacks in the Wild


Apple has rolled out iOS 18.3.1 and iPadOS 18.3.1, addressing a zero-day vulnerability that was exploited in targeted, extremely sophisticated attacks to disable USB Restricted Mode.

Apple’s USB Restricted Mode is a security feature that prevents unauthorized access to data on an iOS device. It blocks USB accessories from connecting once the device has been locked for a certain amount of time.

The update is available for various devices, including iPhone XS and later models, as well as various iPad Pro, iPad Air, iPad, and iPad mini models.

USB Restricted Mode Vulnerability

The update resolves an issue within the Accessibility framework that could allow a physical attacker to disable USB Restricted Mode on a locked device.

“A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” Apple stated in its release notes.

This vulnerability posed a serious risk, as it could be exploited in highly sophisticated attacks targeting specific individuals. Apple has acknowledged reports of this issue being used in real-world scenarios.

The flaw was identified as an authorization issue, which Apple addressed by improving state management within the system.

The vulnerability is tracked under the identifier CVE-2025-24200 and was reported by Bill Marczak from The Citizen Lab at the University of Toronto’s Munk School.

Apple maintains its policy of withholding details about security vulnerabilities until investigations are complete and patches are available to protect users. The company emphasizes its dedication to user security by promptly addressing such issues and providing regular updates.

Apple encourages all eligible users to install the update promptly to ensure their devices remain secure against potential threats.
