Apple fixes the USB Restricted Mode flaw in iOS 18.3.1 and iPadOS 18.3.1. Vulnerability exploited in targeted attacks. Update your iPhone/iPad now.
Apple has issued an urgent security update for iPhones and iPads, addressing a significant vulnerability that has, reportedly, already been exploited in targeted attacks. Tracked as CVE-2025-24200, the vulnerability affects the USB Restricted Mode, a security feature introduced in 2018 to protect devices from unauthorized access.
For your information, this security feature is designed to disable the Lightning or USB ports of iPhones and iPads if they remain locked for more than an hour. Normally, these ports are re-enabled once the user authenticates and unlocks their device.
However, it appears that this protection mechanism itself has been compromised. The bug can be exploited by an attacker with physical possession of a locked phone, enabling them to re-enable the data port and potentially allowing further intrusion. Apple has acknowledged that this flaw can disable the feature.
“A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an “extremely sophisticated” attack against specific targeted individuals,” the iPhone maker’s advisory read.
Security experts believe that Apple’s unusual choice of words, describing the exploit as “extremely sophisticated,” highlights the seriousness of the issue.
The National Institute of Standards and Technology (NIST) has also assessed this vulnerability, describing it as an “authorization issue” that has been resolved through “improved state management.”
The company has released patches, iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 to address this issue. These updates are available for a wide range of devices, including iPhone XS and later models, as well as various iPad Pro, iPad Air, iPad Mini, and standard iPad models.
The vulnerability was discovered by Bill Marczak, a senior researcher at the Citizen Lab. While Apple has not provided detailed information about the attack or the specific methods used, the discovery by the Citizen Lab suggests a possible connection to sophisticated surveillance techniques, potentially at the nation-state level.
Update your iPhones.. again! iOS 18.3.1 out today with a fix for an ITW USB restricted mode bypass (via Accessibility) https://t.co/jcrsab7RGu pic.twitter.com/ER42QQcsLj
— Bill Marczak (@billmarczak) February 10, 2025