{"id":760,"date":"2025-02-11T02:58:14","date_gmt":"2025-02-11T02:58:14","guid":{"rendered":"https:\/\/www.batteryone.co\/blog\/?p=760"},"modified":"2025-02-11T02:58:14","modified_gmt":"2025-02-11T02:58:14","slug":"apple-releases-emergency-security-updates-to-patch-zero-day-vulnerability","status":"publish","type":"post","link":"https:\/\/www.batteryone.co\/blog\/archives\/760","title":{"rendered":"Apple Releases Emergency Security Updates to Patch Zero-Day Vulnerability"},"content":{"rendered":"\n<p><a href=\"https:\/\/www.batteryone.co\/search?keyword=Apple&amp;post_type=product\">Apple<\/a>&nbsp;has issued&nbsp;<strong>emergency security updates<\/strong>&nbsp;to patch a newly discovered&nbsp;<strong>zero-day vulnerability<\/strong>&nbsp;that was actively exploited in&nbsp;<strong>highly sophisticated<\/strong>&nbsp;and&nbsp;<strong>targeted attacks<\/strong>. The flaw, tracked as&nbsp;<strong>CVE-2025-24200<\/strong>, could allow an attacker to bypass&nbsp;<strong>USB Restricted Mode<\/strong>, a critical iOS security feature designed to block unauthorized data access on locked devices.<\/p>\n\n\n\n<p>This zero-day was discovered and reported by&nbsp;<strong>Citizen Lab&#8217;s Bill Marczak<\/strong>, a researcher known for exposing&nbsp;<strong>spyware threats<\/strong>&nbsp;targeting high-risk individuals, including&nbsp;<strong>journalists, political dissidents, and activists<\/strong>. According to Apple\u2019s&nbsp;<strong>security advisory<\/strong>, the vulnerability allows a&nbsp;<strong>physical attack<\/strong>&nbsp;to disable&nbsp;<strong>USB Restricted Mode<\/strong>&nbsp;on a locked iPhone or iPad, potentially exposing sensitive data.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.bleepstatic.com\/content\/hl-images\/2023\/04\/10\/Apple-headpic.jpg\" alt=\"\"\/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">What is USB Restricted Mode?<\/h2>\n\n\n\n<p>First introduced in&nbsp;<strong>iOS 11.4.1<\/strong>&nbsp;nearly&nbsp;<strong>seven years ago<\/strong>,&nbsp;<strong>USB Restricted Mode<\/strong>&nbsp;is designed to prevent&nbsp;<strong>forensic tools<\/strong>&nbsp;like&nbsp;<strong>GrayKey and Cellebrite<\/strong>&nbsp;from extracting data from locked iOS devices. If an iPhone or iPad&nbsp;<strong>remains locked for over an hour<\/strong>, it blocks USB accessories from establishing a&nbsp;<strong>data connection<\/strong>\u2014effectively stopping unauthorized data extraction.<\/p>\n\n\n\n<p>To further enhance security, Apple introduced&nbsp;<strong>&#8220;inactivity reboot&#8221;<\/strong>&nbsp;in&nbsp;<strong>November 2024<\/strong>, which&nbsp;<strong>automatically restarts iPhones<\/strong>&nbsp;after long periods of inactivity, re-encrypting data and making forensic extraction even more difficult.<\/p>\n\n\n\n<p>The vulnerability affects a&nbsp;<strong>wide range of Apple devices<\/strong>, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/www.batteryone.co\/search?keyword=iPhone&amp;post_type=product\">iPhone<\/a>s<\/strong>: iPhone XS and later<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.batteryone.co\/search?keyword=iPad&amp;post_type=product\">iPad<\/a>s<\/strong>:\n<ul class=\"wp-block-list\">\n<li>iPad Pro 13-inch<\/li>\n\n\n\n<li>iPad Pro 12.9-inch (3rd generation and later)<\/li>\n\n\n\n<li>iPad Pro 11-inch (1st generation and later)<\/li>\n\n\n\n<li>iPad Air (3rd generation and later)<\/li>\n\n\n\n<li>iPad 7th generation and later<\/li>\n\n\n\n<li>iPad mini (5th generation and later)<\/li>\n\n\n\n<li>iPad Pro 12.9-inch (2nd generation), iPad Pro 10.5-inch, and iPad 6th generation<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>Apple has addressed the issue with&nbsp;<strong>improved state management<\/strong>&nbsp;in&nbsp;<strong>iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5<\/strong>.<\/p>\n\n\n\n<p>Although the&nbsp;<strong>CVE-2025-24200 vulnerability<\/strong>&nbsp;has only been exploited in&nbsp;<strong>targeted attacks<\/strong>, Apple strongly advises all users to&nbsp;<strong>install the latest security updates<\/strong>&nbsp;to prevent potential threats.<\/p>\n\n\n\n<p>Citizen Lab has previously reported multiple&nbsp;<strong>zero-day vulnerabilities<\/strong>&nbsp;used in spyware attacks, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The\u00a0<strong>BLASTPASS exploit chain<\/strong>\u00a0(September 2023), which infected\u00a0<strong>fully patched iPhones<\/strong>\u00a0with\u00a0<strong>NSO Group\u2019s Pegasus spyware<\/strong>.<\/li>\n\n\n\n<li><strong>CVE-2025-24085<\/strong>, the\u00a0<strong>first zero-day attack of 2025<\/strong>, patched just last month.<\/li>\n<\/ul>\n\n\n\n<p>Apple has been consistently patching&nbsp;<strong>actively exploited zero-days<\/strong>, with a notable&nbsp;<strong>increase in threats over the past two years<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>2025 (so far)<\/strong>: 2 zero-days patched<\/li>\n\n\n\n<li><strong>2024<\/strong>: 6 zero-days patched<\/li>\n\n\n\n<li><strong>2023<\/strong>: 20 zero-days patched<\/li>\n<\/ul>\n\n\n\n<p>Some of the most severe exploits in&nbsp;<strong>2023<\/strong>&nbsp;included:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>BLASTPASS zero-click attack<\/strong>\u00a0(CVE-2023-41061, CVE-2023-41064) in September<\/li>\n\n\n\n<li><strong>Multiple WebKit zero-days<\/strong>\u00a0allowing remote code execution<\/li>\n<\/ul>\n\n\n\n<p>Apple has not disclosed&nbsp;<strong>who was targeted<\/strong>&nbsp;by this latest exploit, but given its history, it&#8217;s likely that the attack was part of a&nbsp;<strong>state-sponsored spyware operation<\/strong>. The company continues to&nbsp;<strong>tighten security measures<\/strong>, but the increasing number of&nbsp;<strong>sophisticated attacks<\/strong>&nbsp;suggests that&nbsp;<strong>iPhone users\u2014especially high-risk individuals\u2014should stay vigilant and update their devices immediately<\/strong>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apple&nbsp;has issued&nbsp;emergency security updates&nbsp;to patch a newly discovered&nbsp;zero-day vulnerability&nbsp;that was actively exploited in&nbsp;highly sophisticated&nbsp;and&nbsp;targeted attacks. The flaw, tracked as&nbsp;CVE-2025-24200, could allow an attacker to bypass&nbsp;USB Restricted Mode, a critical iOS security feature designed to block unauthorized data access on locked devices. This zero-day was discovered and reported by&nbsp;Citizen Lab&#8217;s Bill Marczak, a researcher known for [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[7],"class_list":["post-760","post","type-post","status-publish","format-standard","hentry","category-news","tag-apple"],"_links":{"self":[{"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/posts\/760","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/comments?post=760"}],"version-history":[{"count":1,"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/posts\/760\/revisions"}],"predecessor-version":[{"id":761,"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/posts\/760\/revisions\/761"}],"wp:attachment":[{"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/media?parent=760"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/categories?post=760"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/tags?post=760"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}