Apple Update Mitigates “Extremely Sophisticated” Zero-Day Exploit
Apple iPhone and iPad users have been urged to update their devices after the company released a new security update designed to fix a zero-day vulnerability being exploited in the wild.
CVE-2025-24200 was discovered by Bill Marczak of The Citizen Lab, the research group based at the University of Toronto’s Munk School. The Citizen Lab has uncovered numerous zero-day threats in the past, many of them developed by commercial spyware makers and possibly used by nation states.
Apple’s description of the attack seems to bear this out.
“A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” it noted.
The updates, iOS 18.3.1 and iPadOS 18.3.1, are available for iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
It fixes the “authorization issue” discovered by Marczak with “improved state management.” USB Restricted Mode is the protection that cuts off data transfer over the Lightning or USB-C port once a device has been locked for a period (an hour by default) without being unlocked, and it exists largely to frustrate wired forensic extraction tools. A flaw that lets an attacker with the device in hand switch that mode off therefore reopens the wired data path to a locked phone, which is why exploitation requires physical access rather than a remote delivery vector.
The Citizen Lab discovered many of the 20 zero-days patched by Apple in 2023, including the “BlastPass” exploit chain comprising CVE-2023-41064 and CVE-2023-41061, which were used to deliver the Pegasus spyware from blacklisted Israeli firm NSO Group.
In the same month, September 2023, Marczak and Google’s Maddie Stone helped to find a further three iOS zero-days being actively exploited in the wild: CVE-2023-41991, CVE-2023-41992 and CVE-2023-41993.
Last year was a quieter one in terms of Apple zero-day bugs, with only a handful discovered.
However, the tech giant was forced to update its documentation in April 2024 to reflect the elevated threat from mercenary spyware.
Adam Boynton, senior security strategy manager EMEIA at Jamf, urged all iOS users to upgrade their smartphones and tablets immediately – even though an exploit would likely require physical access to a device.
“By taking advantage of this flaw, an attacker could obtain full admin access to the device, enabling them to impersonate the owner and execute any software on their behalf,” he explained. “Keeping devices up to date with the latest patches is one of the most effective ways to safeguard against attackers.”