Security
Headlines
HeadlinesLatestCVEs

Headline

Apple Releases Urgent Patch for USB Vulnerability

The vulnerability could allow a threat actor to disable the security feature on a locked device and gain access to user data.

DARKReading
#vulnerability#apple#asus#auth

Source: Simon Dack via Alamy Stock Photo

NEWS BRIEF

Apple has released a security update for a vulnerability that the tech giant reports may have been exploited in an “extremely sophisticated attack.”

Not only that, but these attacks targeted specific individuals, though Apple has not provided any further information.

The vulnerability, tracked as CVE-2025-24200, could allow for a physical attack to disable USB Restricted Mode on a locked device.

USB Restricted Mode is a feature that makes it more difficult for threat actors to unlock a user’s phone. When active, a phone’s lightning port will only allow charging after the device has been locked for more than an hour, meaning that if an unauthorized actor attempted to connect a locked iPhone to a device to access its data, they could only do so with the necessary credentials.

The security update to fix this vulnerability is available for iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch third generation and later, iPad Pro 11-inch first generation and later, iPad Air third generation and later, iPad seventh generation and later, and iPad mini fifth generation and later.

Users of any of these devices should install updates as soon as possible and can check if they’re updated to the latest software version by going to their settings.

These kinds of vulnerabilities are usually deployed by commercial spyware vendors, such as Pegasus, to target particular individuals, so the average user shouldn’t be concerned about being targeted while the details of the attack remain unpublished. However, if they are published, copycat cybercriminals will try to imitate this attack vector, hence the urgency in updating to the latest version.

About the Author

Skilled writer and editor covering cybersecurity for Dark Reading.

Related news

Apple fixes zero-day vulnerability used in “extremely sophisticated attack”

Apple has released an out-of-band security update for a vulnerability which it says may have been exploited in an "extremely sophisticated attack against specific targeted individuals.”

DARKReading: Latest News

Microsoft's February Patch a Lighter Lift Than January's