Apple on Monday released out-of-band security updates to resolve a security flaw in iOS and iPadOS that, it said, has been exploited in the wild.
Assigned the CVE identifier CVE-2025-24200, the vulnerability has been described as an authorization issue that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber-physical attack.
This suggests that attackers require physical access to the device to exploit the flaw. Introduced in iOS 11.4.1, USB Restricted Mode prevents an Apple iOS or iPadOS device from communicating with a connected accessory if the device has not been unlocked and connected to the accessory within the last hour.
The feature is seen as an attempt to prevent digital forensic tools such as Cellebrite or GrayKey, which are mainly used by law enforcement agencies, from gaining unauthorized entry to a seized device and extracting sensitive data.
As is usual with advisories of this kind, no other details about the security flaw are currently available. The iPhone maker said the vulnerability was resolved with improved state management.
However, Apple acknowledged that it is “aware of the report that this issue may have been used in an extremely difficult attack on specific targets.”
Security researcher Bill Marczak of The Citizen Lab at The University of Toronto's Munk School is credited with discovering and reporting the flaw.
The update is available for the following devices and operating systems:
- iOS 18.3.1 and iPadOS 18.3.1 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch generation and later, iPad Pro 11-inch generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
- iPadOS 17.7.5 - iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
The development comes a few weeks after Cupertino resolved another security flaw, a use-after-free bug in the Core Media component (CVE-2025-24085), which it disclosed as having been exploited against iOS 17.2 versions.
Zero-days in Apple software have been weaponized primarily by commercial surveillance vendors to deploy sophisticated programs that can extract data from victim devices.
While these tools, such as NSO Group's Pegasus, are marketed as “technology that saves lives” and as a way to fight serious criminal activity and get around the so-called “going dark” problem, they have also been abused for spying.
For its part, NSO Group has reiterated that Pegasus is not a mass surveillance tool and that it is licensed to “legal, proven intelligence and law enforcement” agencies.
In its transparency report for 2024, the Israeli company said it serves 54 customers in 31 countries, 23 of which are intelligence agencies and another 23 law enforcement agencies.