Apple has issued critical security updates to address a zero-day vulnerability that was exploited in sophisticated, targeted attacks. The vulnerability, tracked as CVE-2025-24200, affects USB Restricted Mode, a security feature that prevents unauthorized data access through USB accessories on locked devices.

Key Points:
– The vulnerability could disable USB Restricted Mode through physical device access
– Affects iPhone XS and later models, various iPad Pro generations, iPad Air (3rd gen+), and iPad mini (5th gen+)
– Discovered by Citizen Lab’s Bill Marczak
– Fixed in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5

Security Impact:
The flaw potentially compromises USB Restricted Mode, a crucial security feature introduced in iOS 11.4.1 that blocks forensic tools from extracting data from locked devices. This comes shortly after Apple’s introduction of “inactivity reboot,” another security measure that automatically restarts devices to enhance data protection.

Recent Security History:
– 2024: Six zero-day vulnerabilities patched
– 2023: Twenty zero-day vulnerabilities addressed
– Notable recent fixes include the BLASTPASS exploit chain used to deploy Pegasus spyware

Users are strongly advised to install the latest security updates immediately to protect against potential exploitation, even though the attacks were targeted at specific individuals.