Original Article Text


Apple fixes zero-day exploited in 'extremely sophisticated' attacks

Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and "extremely sophisticated" attacks.

"A physical attack may disable USB Restricted Mode on a locked device," the company revealed in an advisory targeting iPhone and iPad users. "Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals."

The vulnerability (tracked as CVE-2025-24200 and reported by Citizen Lab's Bill Marczak) is an authorization issue addressed in iOS 18.3.1 and iPadOS 18.3.1 with improved state management.

The list of devices this zero-day impacts includes:

Even though this vulnerability was only exploited in targeted attacks, it is highly advised to install today's security updates immediately to block potentially ongoing attack attempts.

While Apple has yet to provide more information about in-the-wild exploitation, Citizen Lab security researchers have often disclosed zero-days used in targeted spyware attacks against high-risk individuals, such as journalists, opposition politicians, and dissidents.

Citizen Lab disclosed two other zero-days (CVE-2023-41061 and CVE-2023-41064) that Apple fixed in emergency security updates in September 2023 and that were abused as part of a zero-click exploit chain (dubbed BLASTPASS) to infect fully patched iPhones with NSO Group's Pegasus commercial spyware.

Last month, Apple fixed this year's first zero-day vulnerability (CVE-2025-24085) tagged as exploited in attacks against iPhone users.

In 2024, the company patched six actively exploited zero-days: the first in January, two in March, a fourth in May, and two more in November.

One year before, in 2023, Apple patched 20 zero-day flaws exploited in the wild, including:

Daily Brief Summary

NATION STATE ACTIVITY // Apple Patches Sophisticated Zero-Day Exploit Targeting iPhones

Apple released emergency security updates for a zero-day vulnerability identified as CVE-2025-24200, exploited in highly sophisticated attacks.

The vulnerability, an authorization issue in iOS and iPadOS, could let a physical attack disable USB Restricted Mode on a locked device.

This security flaw impacts both iPhone and iPad users, prompting urgent advice from Apple to install the latest updates.

The vulnerability was reported by Citizen Lab's Bill Marczak; Citizen Lab researchers have often disclosed zero-days used in targeted spyware attacks against high-risk individuals, including journalists and dissidents.

Two earlier zero-days disclosed by Citizen Lab, CVE-2023-41061 and CVE-2023-41064, were abused as part of a zero-click exploit chain (BLASTPASS) to infect iPhones with NSO Group's Pegasus spyware.

Apple addressed the issue in iOS 18.3.1 and iPadOS 18.3.1 with improved state management.

The company has a history of patching multiple exploited zero-days annually, indicating ongoing vigilance in protecting user security against complex cyber threats.