CVE ID
CVE-2025-24200
Vulnerability Name
Apple iOS and iPadOS Incorrect Authorization Vulnerability
- Project: Apple
- Product: iOS and iPadOS
Date
- Date Added: 2025-02-12
- Due Date: 2025-03-05
Description
Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://support.apple.com/en-us/122173 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24200
Related Security News
- Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks
- Apple fixes new zero-day flaw exploited in targeted attacks
- Apple patches security flaw exploited in Chrome zero-day attacks
- iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200)
- Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
- Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks
- Apple fixes two zero-days exploited in targeted iPhone attacks
- Apple backports zero-day patches to older iPhones and Macs
- Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks
Top comments (0)