Apple Releases Urgent Patch for USB Vulnerability

The vulnerability could allow a threat actor to disable the security feature on a locked device and gain access to user data.

Kristina Beek, Associate Editor, Dark Reading

February 11, 2025


NEWS BRIEF

Apple has released a security update for a vulnerability that the tech giant reports may have been exploited in an "extremely sophisticated attack."

Not only that, but these attacks targeted specific individuals, though Apple has not provided any further information.

The vulnerability, tracked as CVE-2025-24200, could allow for a physical attack to disable USB Restricted Mode on a locked device.

USB Restricted Mode is a feature that makes it more difficult for threat actors to unlock a user's phone. When active, a phone's Lightning port will only allow charging after the device has been locked for more than an hour, meaning that if an unauthorized actor attempted to connect a locked iPhone to a device to access its data, they could only do so with the necessary credentials.

The security update to fix this vulnerability is available for iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch third generation and later, iPad Pro 11-inch first generation and later, iPad Air third generation and later, iPad seventh generation and later, and iPad mini fifth generation and later.

Users of any of these devices should install updates as soon as possible and can check if they're updated to the latest software version by going to their settings.

These kinds of vulnerabilities are usually exploited by commercial spyware vendors, such as Pegasus, to target particular individuals, so the average user shouldn't be concerned about being targeted while the details of the attack remain unpublished. However, if the details are published, copycat cybercriminals will try to imitate this attack vector, hence the urgency in updating to the latest version.
