Cyber Security Agency of Singapore Alerts Users on Active Exploitation of Zero-Day Vulnerability in Apple Products
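The Cyber Security Agency of Singapore warns that some Apple devices are affected by a zero-day vulnerability (CVE-2025-24200) that lets an attacker bypass a security mode over a USB connection and obtain sensitive data. The vulnerability affects iPhone XS and later models, iPad Pro and other devices. Apple has released security updates that fix the issue and advises users to upgrade immediately to guard against the risk.
2025-2-11 13:1:12 Author: cyble.com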

Overview

The Cyber Security Agency of Singapore (CSA) has recently issued a warning regarding the active exploitation of a zero-day vulnerability (CVE-2025-24200) in a range of Apple products. This critical vulnerability is being actively targeted, and Apple has released timely security updates to address the issue. If exploited, the vulnerability could allow attackers to bypass certain security features and gain unauthorized access to sensitive data through USB connections.

The vulnerability, identified as CVE-2025-24200, affects various Apple devices, including iPhones and iPads. Specifically, the issue lies in the USB Restricted Mode, a security feature designed to prevent unauthorized access to a device’s data when it is locked. A successful attack could disable this mode, allowing an unauthenticated attacker to access the device’s data via a USB connection, even if the device is locked.

This flaw has been dubbed a “zero-day vulnerability,” as it was discovered and actively exploited before a patch or security fix was made available. Apple has moved quickly to resolve the issue with new security updates released on February 10, 2025.

Affected Apple Products

The zero-day vulnerability affects a wide range of Apple devices, including the following:

  • iPhone XS and later
  • iPad Pro 13-inch
  • iPad Pro 12.9-inch (3rd generation and later)
  • iPad Pro 11-inch (1st generation and later)
  • iPad Pro 12.9-inch (2nd generation)
  • iPad Pro 10.5-inch
  • iPad Air (3rd generation and later)
  • iPad mini (5th generation and later)
  • iPad 7th generation and later
  • iPad 6th generation

Users of the affected devices are strongly advised to update their devices to the latest versions of iOS and iPadOS immediately to mitigate the risk of exploitation.

Apple’s Response and Security Updates

Apple addressed the issue in their latest updates, which were included in iOS 18.3.1 and iPadOS 18.3.1 for affected iPhones and iPads, as well as in iPadOS 17.7.5 for certain iPad models. These updates were released on February 10, 2025, and contain patches that resolve the USB Restricted Mode bypass.

In their official release notes, Apple explained that the vulnerability was the result of an authorization issue that has now been addressed through improved state management. Apple also acknowledged that this vulnerability may have been exploited in targeted attacks against specific individuals, particularly those in high-risk environments. The details surrounding these attacks remain vague, but they indicate the severity of the issue.

The CSA urges users and administrators of affected Apple devices to take immediate action by updating to the latest software versions. Users are encouraged to enable automatic software updates by navigating to Settings > General > Software Updates > Enable Automatic Updates to ensure future security patches are applied without delay.
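For administrators who manage many devices, the fixed releases named above can be turned into an inventory check. The following is an added example, not code from Apple, CSA or the original article; the CSV column names (device_id, platform, os_version) and the sample rows are constructed, device model eligibility is not checked, and treating later major releases as patched is an assumption.

```python
import csv
import io

# Fixed releases named in the advisory, keyed by (platform, major version).
FIXED = {("iOS", 18): (18, 3, 1), ("iPadOS", 18): (18, 3, 1), ("iPadOS", 17): (17, 7, 5)}

def parse_version(text):
    """Turn '18.3' into (18, 3, 0); raise ValueError on anything malformed."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3 or any(p < 0 for p in parts):
        raise ValueError(f"bad version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def patch_status(platform, os_version):
    """Classify one device against the fixed releases for CVE-2025-24200."""
    if platform not in ("iOS", "iPadOS"):
        return "OUT_OF_SCOPE"
    try:
        version = parse_version(os_version)
    except ValueError:
        return "UNPARSEABLE"       # surface for manual review, never assume patched
    fixed = FIXED.get((platform, version[0]))
    if fixed is not None:
        return "PATCHED" if version >= fixed else "UPDATE_REQUIRED"
    if version[0] > 18:
        return "PATCHED"           # assumption: later major releases carry the fix
    return "NO_FIX_ON_BRANCH"      # e.g. iOS 17.x: no fixed build named for it

def triage(inventory_csv):
    """Return {device_id: status} for every inventory row that is not PATCHED."""
    states = {row["device_id"]: patch_status(row["platform"].strip(), row["os_version"])
              for row in csv.DictReader(io.StringIO(inventory_csv))}
    return {dev: s for dev, s in states.items() if s != "PATCHED"}

# Constructed sample inventory (device IDs are placeholders, not real devices).
SAMPLE = """device_id,platform,os_version
DEV-001,iOS,18.3.1
DEV-002,iOS,18.3
DEV-003,iPadOS,17.7.5
DEV-004,iPadOS,17.7.4
DEV-005,iOS,17.7.2
DEV-006,iPadOS,18.4
DEV-007,iOS,18.3.1b
DEV-008,macOS,15.3
"""

if __name__ == "__main__":
    for device, state in triage(SAMPLE).items():
        print(device, state)
```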

Conclusion

The CVE-2025-24200 vulnerability highlights the need for constant vigilance against cyber threats, especially those targeting mobile devices and critical infrastructure. Exploitation of zero-day vulnerabilities can lead to unauthorized data access and privacy breaches. This incident underscores the importance of maintaining strong cybersecurity practices, such as timely updates and proactive monitoring. The Cyber Security Agency of Singapore advises users to stay informed and secure their devices to protect against cyber threats, reinforcing the need for comprehensive cybersecurity strategies to protect sensitive data.



Source: https://cyble.com/blog/csa-alerts-users-of-cve-2025-24200/