![iOS Zero Day iOS Zero Day](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9_U0m5p1_iHJL5cDd5bwW6ToTFLohS0n8_uXmlAZBwsHJWBvdqk4un_XCrW6kKUVcn82YivPFVVWgF3_IaS2KbG6kkT-LjeiW3xbi0Tt7Rb-4S_T9IVI4qcuaa1omGwgLCYO69GGFXL4b_IqsVCbzOpcuykYi8ORwmvyJbP9QnWJZW_9izM5IFpTxRgOE/s728-rw-e365/iphone.png)
On Monday, Apple released an out-of-band security update to address a security flaw in iOS and iPadOS.
The vulnerability, assigned the CVE identifier CVE-2025-24200, is described as an authorization issue that could allow a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber-physical attack.
This suggests that attackers need physical access to the device to take advantage of the flaw. USB Restricted Mode, introduced in iOS 11.4.1, prevents an Apple iOS or iPadOS device from communicating with a connected accessory if the device has not been unlocked and connected to an accessory within the past hour.
The feature is seen as an attempt to block digital forensic tools such as Cellebrite and GrayKey, which are primarily used by law enforcement.
As is typical for advisories of this kind, no other details about the security flaw are currently available. The iPhone maker said the vulnerability was addressed through improved state management.
However, Apple admitted that it is “aware of reports that this issue could have been exploited in a very sophisticated attack on a particular targeted individual.”
Bill Marczak, a security researcher at The Citizen Lab at the University of Toronto's Munk School, is credited with discovering and reporting the flaw.
The update is available for the following devices and operating systems:

- iOS 18.3.1 and iPadOS 18.3.1: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
- iPadOS 17.7.5: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
The development comes just a few weeks after Cupertino resolved another security flaw, a use-after-free bug in the Core Media component (CVE-2025-24085), which it revealed had been exploited against versions of iOS prior to iOS 17.2.
Zero-days in Apple software have primarily been weaponized by commercial surveillanceware vendors to deploy sophisticated programs that can extract data from victim devices.
These tools, such as NSO Group's Pegasus, are marketed as “life-saving techniques” for fighting serious criminal activity and as a way to get around the so-called “going dark” problem, but they have also been misused to spy on members of civil society.
NSO Group has reiterated that Pegasus is not a mass surveillance tool and that it is licensed to “legitimately reviewed intelligence and law enforcement agencies.”
In its 2024 transparency report, the Israeli company said it serves 54 customers in 31 countries, 23 of which are intelligence agencies and another 23 of which are law enforcement agencies.