CVE-2025-24200 - Apple iOS and iPadOS Incorrect Authorization Vulnerability

Vulnerability Name

Apple iOS and iPadOS Incorrect Authorization Vulnerability

Description

Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://support.apple.com/en-us/122173

https://nvd.nist.gov/vuln/detail/CVE-2025-24200

Related News Articles

iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200)June 13, 2025

Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon SpywareJune 13, 2025

Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted AttacksApril 17, 2025

Apple fixes two zero-days exploited in targeted iPhone attacksApril 17, 2025

Apple backports zero-day patches to older iPhones and MacsApril 1, 2025