Cyber Security News

CISA Warns of Active Exploitation of Apple iOS & iPadOS Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory warning of active exploitation of a critical security flaw in Apple’s iOS and iPad operating systems.

Tracked as CVE-2025-24200, the vulnerability permits attackers with physical access to bypass critical security protections on locked devices, escalating risks of unauthorized data access and potential device compromise.

Vulnerability Details and Impact

The flaw stems from an incorrect authorization vulnerability (CWE-863) in Apple’s mobile operating systems.

Attackers exploiting this weakness can disable USB Restricted Mode—a security feature that limits USB connectivity for locked devices after one hour of inactivity—thereby bypassing safeguards designed to prevent brute-force passcode attempts or unauthorized data transfers.

This vulnerability is particularly concerning for high-risk individuals, such as journalists, activists, and corporate executives, whose devices may contain sensitive information.

CISA confirmed the vulnerability’s active exploitation in the wild but noted that its linkage to ransomware campaigns remains unverified.

The agency added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on February 12, 2025, mandating federal agencies to apply mitigations by March 5, 2025. Private-sector organizations and individuals are strongly advised to follow suit.

Apple has not publicly commented on whether a patch is in development, but CISA’s advisory instructs users to apply vendor-provided updates immediately upon release.

If mitigations are unavailable, the agency recommends discontinuing use of vulnerable devices—a drastic measure underscoring the flaw’s severity.

Security experts emphasize the urgency of addressing this vulnerability. “USB Restricted Mode is a cornerstone of iOS security,” said Jane Harper, a mobile security researcher at Kaspersky.

“Its compromise could expose millions of users to clandestine data theft or device manipulation, particularly if their phones are stolen.”

The exploit’s physical-access requirement narrows its applicability but heightens risks in targeted attacks. Forensic firms and malicious actors alike could leverage this flaw to extract data without triggering Apple’s security protocols.

This scenario mirrors 2019’s GrayKey exploits, where law enforcement agencies used similar vulnerabilities to access locked iPhones.

CISA’s advisory follows a pattern of escalating warnings about iOS vulnerabilities, reflecting Apple’s expanding threat landscape. In 2024, the agency flagged three zero-day flaws exploited in mercenary spyware campaigns targeting U.S. entities.

As the March 5 mitigation deadline approaches, CISA’s alert serves as a stark reminder of the persistent threats facing mobile ecosystems.

Users are urged to prioritize device updates and maintain heightened physical security practices until a permanent fix is deployed.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations, particularly…

7 hours ago

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search Service…

7 hours ago

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider, has…

7 hours ago

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800 compromised…

7 hours ago

Hackers Bypass AI Filters from Microsoft, Nvidia, and Meta Using a Simple Emoji

Cybersecurity researchers have uncovered a critical flaw in the content moderation systems of AI models…

8 hours ago

Microsoft Alerts That Default Helm Charts May Expose Kubernetes Apps to Data Leaks

Microsoft’s cybersecurity research team has issued a stark warning about the risks of using default…

8 hours ago