Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and “extremely sophisticated” attacks.
“A physical attack may disable USB Restricted Mode on a locked device,” the company revealed in an advisory targeting iPhone and iPad users.
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
The vulnerability (tracked as CVE-2025-24200 and reported by Citizen Lab’s Bill Marczak) is an authorization issue addressed in iOS 18.3.1 and iPadOS 18.3.1 with improved state management.
The list of devices this zero-day impacts includes:
- iPhone XS and later,
- iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Even though this vulnerability was only exploited in targeted attacks, it is highly advised to install today’s security updates immediately to block potentially ongoing attack attempts.
While Apple has yet to provide more information about in-the-wild exploitation, Citizen Lab security researchers have often disclosed zero-days used in targeted spyware attacks against high-risk individuals, such as journalists, opposition politicians, and dissidents.
Citizen Lab disclosed two other zero-days (CVE-2023-41061 and CVE-2023-41064) that Apple fixed in emergency security updates in September 2023 and abused as part of a zero-click exploit chain (dubbed BLASTPASS) to infect fully patched iPhones with NSO Group’s Pegasus commercial spyware.
Last month, Apple fixed this year’s first zero-day vulnerability (CVE-2025-24085) tagged as exploited in attacks against iPhone users.
In 2024, the company patched six actively exploited zero-days: the first in January, two in March, a fourth in May, and two more in November.
One year before, in 2023, Apple patched 20 zero-day flaws exploited in the wild, including: