CVE-2025-24200 - Apple iOS and iPadOS Incorrect Authorization Vulnerability

Vulnerability Name

Apple iOS and iPadOS Incorrect Authorization Vulnerability

Description

Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://support.apple.com/en-us/122173

https://nvd.nist.gov/vuln/detail/CVE-2025-24200

Related News Articles

Apple backports zero-day patches to older iPhones and iPadsSeptember 16, 2025

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted AttacksAugust 21, 2025

Apple fixes new zero-day flaw exploited in targeted attacksAugust 21, 2025

Apple patches security flaw exploited in Chrome zero-day attacksJuly 31, 2025

iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200)June 13, 2025