Apple Patches Major Security Flaw Exploited in "Extremely Sophisticated Attacks" – Update Your iPhones Now!

Apple Fixes Critical USB Restricted Mode Flaw Exploited in Targeted Attacks

On February 10, 2025, Apple rolled out emergency patches for iOS 18.3.1 and iPadOS 18.3.1 to address a zero-day vulnerability (CVE-2025-24200) exploited in "extremely sophisticated" physical attacks. Discovered by Citizen Lab’s Bill Marczak, this flaw allowed attackers to bypass USB Restricted Mode on locked devices, potentially exposing sensitive data.

What Is USB Restricted Mode?

Introduced in 2018 (iOS 11.4.1), this feature blocks USB/Lightning port access after one hour of device inactivity. Its purpose: to prevent forensic tools like Cellebrite or Graykey—used by law enforcement—from bypassing iPhone encryption.

How Was the Flaw Exploited?

The exploit required physical access. By connecting to the device, attackers could disable USB Restricted Mode through an authorization flaw in system state management. Apple noted the vulnerability targeted "specific individuals," likely journalists, activists, or dissidents under surveillance by authoritarian regimes.

Apple’s Mitigations

The iOS 18.3.1 update fixes the issue via "improved state management" and applies to iPhone XS and later, along with multiple iPad models (Pro, Air, mini, etc.). Apple also urges users to enable automatic updates for ongoing protection.

Why This Matters

This flaw highlights risks tied to government-grade forensic tools. In December 2024, Amnesty International reported Serbian authorities using Cellebrite to hack journalists’ phones 212. While Apple cooperates with law enforcement, it continues bolstering privacy safeguards.

Recommended Steps

1. Update your device immediately via Settings > General > Software Update.

2. Enable USB Restricted Mode under Face ID/Passcode > Accessories (ensure the toggle is off).

3. Regularly reboot your iPhone to trigger the inactivity reboot (a feature added in 2024)