CISA Warns of Active Exploitation of Apple iOS & iPadOS Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory warning of active exploitation of a critical security flaw in Apple’s iOS and iPad operating systems.

Tracked as CVE-2025-24200, the vulnerability permits attackers with physical access to bypass critical security protections on locked devices, escalating risks of unauthorized data access and potential device compromise.

Vulnerability Details and Impact

The flaw stems from an incorrect authorization vulnerability (CWE-863) in Apple’s mobile operating systems.

Attackers exploiting this weakness can disable USB Restricted Mode—a security feature that limits USB connectivity for locked devices after one hour of inactivity—thereby bypassing safeguards designed to prevent brute-force passcode attempts or unauthorized data transfers.

This vulnerability is particularly concerning for high-risk individuals, such as journalists, activists, and corporate executives, whose devices may contain sensitive information.

CISA confirmed the vulnerability’s active exploitation in the wild but noted that its linkage to ransomware campaigns remains unverified.

The agency added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on February 12, 2025, mandating federal agencies to apply mitigations by March 5, 2025. Private-sector organizations and individuals are strongly advised to follow suit.

Apple has not publicly commented on whether a patch is in development, but CISA’s advisory instructs users to apply vendor-provided updates immediately upon release.

If mitigations are unavailable, the agency recommends discontinuing use of vulnerable devices—a drastic measure underscoring the flaw’s severity.

Security experts emphasize the urgency of addressing this vulnerability. “USB Restricted Mode is a cornerstone of iOS security,” said Jane Harper, a mobile security researcher at Kaspersky.

“Its compromise could expose millions of users to clandestine data theft or device manipulation, particularly if their phones are stolen.”

The exploit’s physical-access requirement narrows its applicability but heightens risks in targeted attacks. Forensic firms and malicious actors alike could leverage this flaw to extract data without triggering Apple’s security protocols.

This scenario mirrors 2019’s GrayKey exploits, where law enforcement agencies used similar vulnerabilities to access locked iPhones.

CISA’s advisory follows a pattern of escalating warnings about iOS vulnerabilities, reflecting Apple’s expanding threat landscape. In 2024, the agency flagged three zero-day flaws exploited in mercenary spyware campaigns targeting U.S. entities.

As the March 5 mitigation deadline approaches, CISA’s alert serves as a stark reminder of the persistent threats facing mobile ecosystems.

Users are urged to prioritize device updates and maintain heightened physical security practices until a permanent fix is deployed.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free