Apple fixes zero-day exploited in ‘extremely sophisticated’ attacks www.bleepingcomputer.com/news/appl…

Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and “extremely sophisticated” attacks.

“A physical attack may disable USB Restricted Mode on a locked device,” the company revealed in an advisory targeting iPhone and iPad users.

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”

The vulnerability (tracked as CVE-2025-24200 and reported by Citizen Lab’s Bill Marczak) is an authorization issue addressed in iOS 18.3.1 and iPadOS 18.3.1 with improved state management.