AI description
CVE-2025-24200 is an authorization issue in Apple's iOS and iPadOS, fixed with improved state management. This vulnerability could allow a physical attacker to disable USB Restricted Mode on a locked device. USB Restricted Mode, introduced in iOS 11.4.1, prevents USB accessories from connecting to an iOS device after it has been locked for a certain period. Disabling this feature could allow unauthorized access to the device's data. The vulnerability affects iPhone XS and later, iPad Pro (13-inch), iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later). Apple acknowledges that this vulnerability may have been actively exploited in highly targeted attacks, describing them as "extremely sophisticated" and directed at specific individuals. Patches for CVE-2025-24200 were released by Apple on February 9, 2025, and are included in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5. The vulnerability was reported by Bill Marczak of the Citizen Lab at the University of Toronto's Munk School.
- Description
- An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
- Source
- product-security@apple.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 4.6
- Impact score
- 3.6
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-863
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
31
Top News for Tuesday afternoon: - Tech : Apple Patches Actively Exploited CVE-2025-24200 in Emergency Update - Gaming : Mai Shiranui's casual 6 thanks to mods - NBA : 5 Takeaways : Luka lights up Los Angeles And check out these analytics! https://t.co/xR2uFFae4m
@TopNewsWithData
11 Feb 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
Vulnérabilité dans les produits Apple (11 février 2025) Une vulnérabilité a été découverte dans les produits Apple. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité. Apple indique que la vulnérabilité CVE-2025-24200 e https://t.co/hxVofMZA1s
@ONE2NET
11 Feb 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔒 Critical iOS Security Update: CVE-2025-24200 Exploited in the Wild Apple has issued an out-of-band security update to patch a zero-day vulnerability (CVE-2025-24200) affecting iOS and iPadOS devices. https://t.co/c9u63RarzO
@SecurityJoes
11 Feb 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Amenaza al iPhone: Apple lanza una actualización de emergencia (https://t.co/wTEUkuGuS4)🔴 🔣 Apple ha lanzado una actualización de seguridad no programada para iOS y iPadOS, cerrando la vulnerabilidad CVE-2025-24200 (https://t.co/q6qC5ad9Tp). Este error permite a los atacantes
@stegaintell
11 Feb 2025
14 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🌐 Bulletin d'actualité – 11 février 2025 🔗 Lire ici : https://t.co/OPpKGSyalB 🔒 Vulnérabilités : - Jour-0 Apple corrigée (CVE-2025-24200) désactive la sécurité USB. - Veeam Backup (CVE-2025-23114) ciblé par des attaques MITM. - SonicWall (CVE-2025-23006) permet RCE avant… htt
@CERT_Illicium
11 Feb 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple released an urgent iOS and iPadOS security patch on Monday to fix CVE-2025-24200, a vulnerability actively exploited in the wild. The vulnerability allowed attackers with physical access to a locked iPhone or iPad to disable USB Restricted Mode, a feature designed to… htt
@GuardingPearSof
11 Feb 2025
58 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
اپل آسیب پذیری CVE-2025-24200 را در ios پچ کرد #Cyber_Security_News #اخبار_امنیت_سایبری #CVE_2025_24200 #Apple #ios https://t.co/G6ZFThkfUh
@vulnerbyte
11 Feb 2025
24 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Check out the latest article in my newsletter: Apple Releases Urgent Security Updates for iOS and iPadOS (CVE-2025-24200) https://t.co/iqZXskDDS0 via @LinkedIn
@DarshanaChigari
11 Feb 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 URGENT VULNERABILITY ALERT 🚨: iOS/iPadOS USB Restricted Mode Bypass (CVE-2025-24200) 💥 Actively Exploited! This vulnerability allows attackers with physical access to disable USB Restricted Mode and potentially access data on locked iOS/iPadOS devices. Affects: iPhones (XS
@syedaquib77
11 Feb 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 Apple has released emergency security updates for iOS and iPadOS to patch a vulnerability exploited in the wild. This flaw, identified as CVE-2025-24200, could allow attackers to disable USB Restricted Mode on locked devices. https://t.co/XmvlDJrOWi
@achi_tech
11 Feb 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple released iOS 18.3.1 and iPadOS 18.3.1, addressing CVE-2025-24200 that allowed a physical attack to disable USB Restricted Mode on locked devices. Apple warns of a “highly sophisticated” exploit targeting certain individuals.#Apple #iOS #CVE https://t.co/vcXCSQb1nw
@ZaihuaNewsEN
11 Feb 2025
147 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote
🔥Why is it urgent to update to iOS 18.3.1? According to the document, the firmware patches the CVE-2025-24200 vulnerability. This vulnerability allowed connecting to a smartphone via cable even when it was locked. The loophole could have been exploited by both hackers and law…
@MrGr1ef
11 Feb 2025
1173 Impressions
0 Retweets
7 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Apple has released urgent updates for iOS and iPadOS to fix a critical zero-day vulnerability (CVE-2025-24200) affecting USB Restricted Mode. Targeted attacks may exploit this flaw. 💻🔒 #Apple #iOSUpdate #USA link: https://t.co/A8QDL14L9I https://t.co/1AFI9KkFoX
@TweetThreatNews
11 Feb 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: Apple Security restrictions bypass Zero-day Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2025-24200 (CVSS 7.5/10) Apple iOS and iPadOS Security restrictions bypass Vulnerability Impact: A Successful exploit may allows an attacker to bypass… htt
@CyberxtronTech
11 Feb 2025
91 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Apple patches CVE-2025-24200, actively exploited on iOS/iPadOS. This flaw allows bypassing USB Restricted Mode on locked devices. Update to iOS 18.3.1 or iPadOS 18.3.1 immediately! 🔒 #Cybersecurity #Apple #CVE202524200 👇 https://t.co/qbg2dXkkzD
@_F2po_
11 Feb 2025
53 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update https://t.co/5irZKIJZRQ
@itsecuritynewsl
11 Feb 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Apple has released urgent updates for iOS and iPadOS to fix a serious vulnerability (CVE-2025-24200) that allows attackers to disable USB Restricted Mode on locked devices. This could enable unauthorized data extraction in targeted cyber attacks. Stay safe! 🔒📱
@eilonh1
11 Feb 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🛑 Apple has released emergency security updates for iOS and iPadOS to patch a vulnerability exploited in the wild. This flaw, identified as CVE-2025-24200, could allow attackers to disable USB Restricted Mode on locked devices. Update your devices now: https://t.co/t7e02CQdBL
@TheHackersNews
11 Feb 2025
41962 Impressions
117 Retweets
227 Likes
37 Bookmarks
4 Replies
8 Quotes
iOS 18.3.1 and iPadOS 18.3.1 Security Update iOS 18.3.1 and iPadOS 18.3.1, released February 10, 2025, address a critical authorization issue that could allow a physical attack to disable USB Restricted Mode on locked devices. This vulnerability, CVE-2025-24200, was reportedly…
@applesclubs
11 Feb 2025
6993 Impressions
21 Retweets
190 Likes
7 Bookmarks
1 Reply
1 Quote
CVE-2025-24200 Authorization Bypass in Apple iOS and iPadOS Enabling USB Restricted Mode Circumvention https://t.co/LGAus5hpW6
@VulmonFeeds
10 Feb 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Apple has issued urgent updates to fix a zero-day vulnerability (CVE-2025-24200) affecting iPhones/iPads, exploited in targeted attacks. Protect devices by updating to the latest iOS/iPadOS! 🇺🇸 #AppleSecurity #iOSUpdate #CVE2025 link: https://t.co/LlyUhYvN3C https://t.co/dZ
@TweetThreatNews
10 Feb 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple has issued an urgent update for iOS and iPadOS to fix a critical flaw (CVE-2025-24200) that lets attackers disable USB Restricted Mode on locked devices. Exploitation risks include targeted surveillance. 🇺🇸 #AppleUpdate #DataSecurity link: https://t.co/mE6vHs4bPW https:/
@TweetThreatNews
10 Feb 2025
95 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Как сообщила Apple в документе Поддержки, в iOS 18.3.1 закрыта уязвимость CVE-2025-24200, активно эксплуатируемая с помощью подключения устройства по USB-кабелю в заблокированном состоянии. Эта проблема, возможно, была использована в сложной атаке на конкретных лиц. https://t.co/
@aaplpro
10 Feb 2025
835 Impressions
1 Retweet
3 Likes
0 Bookmarks
1 Reply
0 Quotes
#iPhone: if you own one it's time to do a Software Update again as Apple issues an emergency iOS version 18.3.1 to patch a #zeroday vulnerability CVE-2025-24200 which can be exploited to bypass the USB restriction mode and pull the data from the device: https://t.co/hpM34OZ4pN
@securestep9
10 Feb 2025
189 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple Issues Emergency Updates to Patch Actively Exploited Zero-Day Vulnerability - CVE-2025-24200 Urgent security update: #Apple patches zero-day vulnerability (CVE-2025-24200) actively exploited in targeted attacks. https://t.co/os9CbgCaqS
@the_yellow_fall
10 Feb 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple has released emergency security updates to address a zero-day vulnerability (CVE-2025-24200) affecting iPhones and iPads. This flaw allowed attackers to disable USB Restricted Mode through physical access, potentially compromising locked devices. The vulnerability was… http
@openlensnews
10 Feb 2025
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple fixes zero-day exploited in 'extremely sophisticated' attacks: https://t.co/TKuYgjhGVs Apple has released emergency updates to address a zero-day vulnerability (CVE-2025-24200) affecting iPhone and iPad devices, exploited in targeted attacks. The flaw impacts USB… https://
@securityRSS
10 Feb 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Wow... (CVE-2025-24200) A physical attack may disable USB Restricted Mode on a locked device(exploited ITW in an extremely sophisticated attack against specific targeted individuals) https://t.co/Jpeiy3mKKq https://t.co/WBygQEiOIB @billmarczak https://t.co/S6zg9RpF6L
@xvonfers
10 Feb 2025
9471 Impressions
28 Retweets
101 Likes
34 Bookmarks
1 Reply
1 Quote
iOS 18.3.1 is out with just CVE-2025-24200 "Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals." https://t.co/ymFkqAOVBy
@R00tkitSMM
10 Feb 2025
18528 Impressions
34 Retweets
215 Likes
57 Bookmarks
3 Replies
2 Quotes
CVE-2025-24200 An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable… https://t.co/rLtz0jKJjw
@CVEnew
10 Feb 2025
583 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📣 EMERGENCY UPDATE 📣 Apple pushed updates for a new zero-day that may have been actively exploited. 🐛 CVE-2025-24200 (Accessibility): - iOS and iPadOS 18.3.1 - iPadOS 17.7.5
@ApplSec
10 Feb 2025
178 Impressions
2 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes