Urgent iOS Update Patches Major Security Bug

February 11, 2025
|In Cybersecurity News
|By Diego MacCastrillon

Apple Addresses a Serious Security Risk | Urgent iOS Update

Apple has released an emergency security Urgent iOS Update to fix a major vulnerability that has been actively exploited by attackers. The flaw, labeled CVE-2025-24200, is an authorization issue that could allow hackers with physical access to an iPhone or iPad to bypass an important security feature known as USB Restricted Mode.

You might be interested in: Apple Delivers Urgent Security Patches

This discovery has raised concerns about how attackers, including government agencies or cybercriminals, could use this loophole to access sensitive data from locked devices.

What Is USB Restricted Mode and Why Does It Matter?

Apple introduced USB Restricted Mode in iOS 11.4.1 as an extra layer of protection against unauthorized access. This feature prevents an iPhone or iPad from communicating with any USB accessory unless the device has been unlocked within the past hour.

The main goal of this feature is to stop digital forensic tools like Cellebrite and GrayKey from unlocking and extracting data from devices. These tools are commonly used by law enforcement agencies, but they have also been used by hackers and government-backed surveillance groups.

The CVE-2025-24200 vulnerability allowed attackers to turn off USB Restricted Mode, making it easier for them to access private data from a locked device. However, this attack requires physical access to the device, meaning it is not a remote hacking threat.

How Apple Fixed the Problem

Apple has confirmed that the flaw was patched by improving how the system handles device states. While Apple did not share detailed technical information about the exploit, the company acknowledged that the flaw was being used in advanced attacks against specific individuals.

Apple also credited Bill Marczak, a well-known security researcher at The Citizen Lab, for discovering and reporting the issue. The Citizen Lab has a history of investigating spyware attacks and tracking how government agencies misuse hacking tools.

Which Devices Need the Urgent iOS Update?

Apple has released security patches for a wide range of iPhones and iPads. If you own one of the following devices, you should update immediately to stay protected.

iOS 18.3.1 and iPadOS 18.3.1 (For Newer Devices)

  • iPhones: iPhone XS and later
  • iPads:
    • iPad Pro 13-inch
    • iPad Pro 12.9-inch (3rd generation and later)
    • iPad Pro 11-inch (1st generation and later)
    • iPad Air (3rd generation and later)
    • iPad (7th generation and later)
    • iPad mini (5th generation and later)

iPadOS 17.7.5 (For Older iPads)

  • iPad Pro 12.9-inch (2nd generation)
  • iPad Pro 10.5-inch
  • iPad (6th generation)

If you’re unsure which iOS or iPadOS version you have, go to Settings > General > Software Update to check for the latest updates.

Why This Urgent iOS Update is Important

This is not the first time Apple has had to quickly release a security fix for an actively exploited vulnerability. Just a few weeks ago, the company patched another security flaw, CVE-2025-24085, which was a Core Media bug that was also being used in attacks.

Security experts warn that hackers and surveillance companies are constantly searching for zero-day vulnerabilities—security holes that Apple has not yet fixed. Once found, these flaws can be used to install spyware, steal personal data, or even monitor a device’s activity.

The Role of Spyware and Surveillance Tools

Many zero-day vulnerabilities are used by commercial spyware developers who sell hacking tools to government agencies, law enforcement, and intelligence organizations. One of the most well-known surveillance tools is Pegasus, developed by the Israeli company NSO Group.

Pegasus is designed to extract data from phones without the user’s knowledge, allowing governments to monitor criminals and terrorists. However, reports have shown that it has also been misused to spy on journalists, activists, and political opponents.

Despite the controversy, NSO Group continues to defend Pegasus, stating that it is only sold to legitimate, vetted government agencies. According to the company’s 2024 Transparency Report, they currently have 54 customers across 31 countries, including:

  • 23 intelligence agencies
  • 23 law enforcement organizations

What Should You Do?

If you own an iPhone or iPad, the most important thing you can do right now is update your device immediately. Security flaws like this one highlight how important it is to keep your software up to date to protect against potential cyberattacks.

To update your device:

  1. Open the Settings app
  2. Tap General
  3. Select Software Update
  4. If an update is available, tap Download and Install

Keeping your device updated is one of the best ways to stay secure against hackers and cyber threats. Apple continues to strengthen its security, but attackers are always looking for new ways to break in—so staying vigilant is key.

Breaches