Source |
Techworm |
Identifier |
8648064 |
Publication date |
2025-02-11 20:40:58 (seen: 2025-02-11 15:53:44) |
Title |
Apple Patches Critical iOS Zero-Day CVE-2025-24200 |
Text |
On Monday, Apple rolled out emergency security updates to fix a critical zero-day vulnerability in iOS and iPadOS that was actively exploited in an extremely sophisticated attack.
The high-severity zero-day vulnerability, identified as CVE-2025-24200, is an authorization issue in Apple’s iOS and iPadOS that could allow a physical attacker to disable USB Restricted Mode on a locked device.
In other words, this vulnerability could enable a sophisticated physical attack to bypass USB Restricted Mode on a locked iOS or iPadOS device.
For those unaware, Apple’s USB Restricted Mode is a security feature introduced in iOS 11.4.1 to prevent unauthorized access to an iPhone or iPad via USB accessories.
When enabled, this mode prevents USB accessories that plug into the Lightning port from making data connections with the device if it has not been unlocked within the past hour.
This prevents hacking tools that connect via the Lightning port from bypassing passcodes and encryption.
Meanwhile, Apple has acknowledged the issue and fixed the vulnerability with improved state management.
“A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company wrote in the advisories [(1),(2)] published on Monday.
The Cupertino giant has credited security researcher Bill Marczak of The Citizen Lab at The University of Toronto's Munk School for discovering and reporting the vulnerability to Apple.
The CVE-2025-24200 vulnerability affected a broad range of Apple devices, including:
iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Apple has resolved the vulnerability above by releasing software updates - iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 - with improved memory management.
While Apple has not provided any information on how the above vulnerability was exploited, it has strongly urged its iOS and iPadOS users to immediately update their devices to the latest versions to mitigate potential security threats.
Further, enable automatic updates to ensure you receive future patches on your devices without delay.
Avoid clicking on suspicious links and only download apps from trusted sources to reduce the risk of vulnerabilities.
For software updates on iPhone or iPad, go to Settings > General > Software Update, then check for the update and install it.
|
Notes |
★★★
|
Sent |
Yes |
Tags |
Tool
Vulnerability
Threat
Mobile
|