Apple has urgently released iOS 18.3.1 and iPadOS 18.3.1 to address a critical zero-day vulnerability, identified as CVE-2025-24200, which has been actively exploited in sophisticated attacks targeting specific individuals.
This vulnerability allows attackers with physical access to a device to disable USB Restricted Mode, a security feature designed to prevent unauthorized data access through the device’s Lightning port.
Key Points:
- Vulnerability Details: The flaw is an authorization issue that permits disabling USB Restricted Mode on locked devices, potentially exposing sensitive data.
- Discovery: Security researcher Bill Marczak from The Citizen Lab reported the vulnerability.
- Affected Devices: The update is available for iPhone XS and later, various iPad Pro models, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
Impact:
Exploiting this vulnerability requires physical access to the device. Once accessed, an attacker could disable USB Restricted Mode, potentially allowing unauthorized data extraction using specialized tools. This poses significant risks, especially for individuals handling sensitive information.
How to Update iOS:
To protect your device from potential exploitation, it’s crucial to update to iOS 18.3.1 or iPadOS 18.3. Follow these steps:
- Backup Your Device: Ensure your data is backed up via iCloud or to a computer.
- Connect to Wi-Fi: Make sure your device is connected to a stable Wi-Fi network.
- Navigate to Settings: Open the “Settings” app.
- Access Software Update: Go to “General” > “Software Update.”
- Download and Install: If the update is available, tap “Download and Install.”
- Follow Prompts: Enter your passcode if prompted and agree to the terms and conditions.
- Complete Installation: Allow the update to download and install. Your device will restart once the process is complete.
