CISA Added Apple iOS Zero-day Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2025-24200)

Posted by Author Diksha Ojha on Posted on

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently acknowledged the active exploitation of a vulnerability impacting Apple iOS and iPadOS devices. Tracked as CVE-2025-24200, the vulnerability may allow attackers to execute code on target systems. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch the flaw before March 5, 2025.

Apple mentioned in the advisory that reports suggest using vulnerability in a highly sophisticated attack against specific targeted individuals.

Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School discovered and reported the vulnerability to Apple.

Vulnerability Details

The authorization flaw requires physical access to the device to exploit the vulnerability successfully. Malicious attackers may exploit the vulnerability to disable USB Restricted Mode on a locked device as part of a cyber physical attack. Apple introduced the USB Restricted Mode in iOS 11.4.1. It prevents an Apple iOS and iPadOS device from communicating with a connected accessory if it has not been unlocked and connected to an accessory within the past hour.

Apple fixed the vulnerability with improved state management.

Affected Products and Versions

  • iPad Pro 10.5-inch
  • iPad 6th generation
  • iPhone XS and later
  • iPad 7th generation and later
  • iPad Air 3rd generation and later
  • iPad Pro 12.9-inch 2nd generation
  • iPad mini 5th generation and later
  • iPad Pro 11-inch 1st generation and later
  • iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later

Mitigation

Apple released the following versions to patch the vulnerabilities:

  • iPadOS 17.7.5
  • iOS 18.3.1 and iPadOS 18.3.1

For more information, please visit the Apple security advisories for iOS and iPadOS.

Qualys Detection

Qualys customers can scan their devices with QIDs 610631 and 610632 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://support.apple.com/en-us/122173
https://support.apple.com/en-us/122174

Leave a Reply

Your email address will not be published. Required fields are marked *