Apple has issued critical out-of-band security updates to address a vulnerability (CVE-2025-24200) affecting iOS and iPadOS devices. The security flaw, which has been confirmed to be exploited in the wild, could allow attackers with physical access to disable USB Restricted Mode on locked devices.

USB Restricted Mode, introduced in iOS 11.4.1, is a security feature that prevents device communication with connected accessories if the device hasn’t been unlocked within the past hour. This measure was designed to prevent unauthorized access through digital forensics tools like Cellebrite or GrayKey.

The vulnerability was discovered by Bill Marczak from The Citizen Lab at The University of Toronto’s Munk School. Apple has implemented improved state management to address the issue, noting that it was used in “an extremely sophisticated attack against specific targeted individuals.”

Affected Devices and Updates:
– iOS 18.3.1 and iPadOS 18.3.1: iPhone XS and later, recent iPad Pro models, newer iPad Air and iPad mini versions
– iPadOS 17.7.5: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation

This update follows a recent patch for another actively exploited vulnerability (CVE-2025-24085) in the Core Media component. Such vulnerabilities have historically been used by surveillance software vendors, including NSO Group’s Pegasus, which claims to serve 54 customers across 31 countries, primarily intelligence and law enforcement agencies.