Apple Patches Critical iOS Vulnerability Exploited in Targeted Attacks

Apple has rolled out a security update to address a critical vulnerability (CVE-2025-24200) that may have been used in highly sophisticated attacks against specific individuals. While Apple has not disclosed further details about the targets or attackers, the flaw could allow physical exploits to bypass USB Restricted Mode on locked devices.

USB Restricted Mode is designed to prevent unauthorized data access by disabling data connections through the Lightning port if the device has been locked for over an hour. This security feature makes it harder for threat actors to extract data from an iPhone without the necessary credentials.

The patch applies to several Apple devices, including:

• iPhone XS and later
• iPad Pro 13-inch
• iPad Pro 12.9-inch (3rd gen and later)
• iPad Pro 11-inch (1st gen and later)
• iPad Air (3rd gen and later)
• iPad (7th gen and later)
• iPad mini (5th gen and later)

Apple urges users to update immediately to prevent potential exploitation. While this flaw was likely leveraged by advanced spyware vendors like Pegasus for high-profile targets, its public disclosure raises the risk of copycat attacks. Users can confirm their update status via Settings to ensure their devices are protected.