
Apple Fixes Actively Exploited iOS, iPadOS Zero-Day Flaw


Apple has issued updates to fix an iOS and iPadOS zero-day flaw, tracked as CVE-2025-24200, which is thought to have been leveraged in advanced targeted intrusions that deactivated USB Restricted Mode on locked devices, Security Affairs reports.

The vulnerability — which was discovered and reported by The Citizen Lab at the University of Toronto Munk School of Global Affairs — affects iPhone XS and later, iPad 7th generation and later, iPad mini 5th generation and later, all iPad Pro 11-inch generations, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd gen and later, and iPad Air 3rd generation and later.

Apple did not provide additional details regarding the attacks, but findings from Citizen Lab suggest the zero-day was exploited to facilitate commercial spyware compromise. The development comes more than a year after Citizen Lab researchers reported attacks involving the BLASTPASS exploit, which combined the Apple zero-days CVE-2023-41064 and CVE-2023-41061 to spread NSO Group's Pegasus spyware.
