Apple Fixes Zero-Day Exploited In 'Extremely Sophisticated' Attacks (bleepingcomputer.com) 8
Apple has released emergency security updates for iOS 18.3.1 and iPadOS 18.3.1 to patch a zero-day vulnerability (CVE-2025-24200) that was exploited in "extremely sophisticated," targeted attacks. The flaw, which allowed a physical attack to disable USB Restricted Mode on locked devices, was discovered by Citizen Lab and may have been used in spyware campaigns; users are strongly advised to install the update immediately. BleepingComputer reports: USB Restricted Mode is a security feature (introduced almost seven years ago in iOS 11.4.1) that blocks USB accessories from creating a data connection if the device has been locked for over an hour. This feature is designed to block forensic software like Graykey and Cellebrite (commonly used by law enforcement) from extracting data from locked iOS devices.
In November, Apple introduced another security feature (dubbed "inactivity reboot") that automatically restarts iPhones after long idle times to re-encrypt data and make it harder to extract by forensic software. The zero-day vulnerability (tracked as CVE-2025-24200 and reported by Citizen Lab's Bill Marczak) patched today by Apple is an authorization issue addressed in iOS 18.3.1 and iPadOS 18.3.1 with improved state management.
The list of devices this zero-day impacts includes: - iPhone XS and later,
- iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
In November, Apple introduced another security feature (dubbed "inactivity reboot") that automatically restarts iPhones after long idle times to re-encrypt data and make it harder to extract by forensic software. The zero-day vulnerability (tracked as CVE-2025-24200 and reported by Citizen Lab's Bill Marczak) patched today by Apple is an authorization issue addressed in iOS 18.3.1 and iPadOS 18.3.1 with improved state management.
The list of devices this zero-day impacts includes: - iPhone XS and later,
- iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Also not mentioned (Score:2)
MacOS Sonoma 14.7.4 and Ventura 13.7.4 also dropped at the same time - so while Apple and the article are silent on this, it seems likely the older OSes are also vulnerable.
This must be a big deal since Apple has typically (and annoyingly) been rather lax about patching their still-supported older OSes for the past couple of years.
Re: (Score:3)
Basically all the iOS, iPadOS (including an update 17.7.5), and macOS variants received updates today.
https://support.apple.com/en-u... [apple.com]
Re: (Score:2)
Also, no pulished CVE entries according to https://support.apple.com/en-u... [apple.com].
Faraday Detection (Score:2)
What we really need is an update that detects the phone being inside of a faraday bag so it can wipe itself and blow fuses inside the enclave if so desired.
Easy peasy to implement.
Activation Lock bypass? (Score:1)
Not a lot of details about this out there, but I do wonder if it can be used to bypass activation lock on an ipad. I have a friend's iPad 8 that belonged to his dead brother, and he can't access the contents. He said he wanted to try to get in without wiping first. There are all sorts of dodgy Chinese software tools that show up when you look in search engines. I suggested making an appointment at the Apple Store and showing up with the death certificate, but he offered to let me try my hand at getting in.
iOS 18.3.1 update is Too Big ! (Score:2)