Apple on Monday released an urgent patch for its flagship iOS and iPadOS platforms alongside a warning that a critical security flaw was actively exploited in the wild. 

The security defect, tracked as CVE-2025-24200, allows attackers with physical access to a locked iPhone or iPad to disable USB Restricted Mode – a key protection mechanism – to access unpatched iPhones. 

In a barebones advisory, Cupertino’s security response team confirmed the defect led to “an extremely sophisticated attack against specific targeted individuals.”  The issue has been fixed in iOS 18.3.1 and iPadOS 18.3.1.

As is customary, the company did not release IOCs or any telemetry to help defenders hunt for signs of compromise. The discovery of the exploit was credited to Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School, suggesting the exploit was used for nation-state level surveillance.

USB Restricted Mode is a security feature designed to block data access via an iPhone or iPad’s Lightning/USB-C port when the device has been locked for over an hour. It was introduced to thwart hacking tools that connect via USB to crack a device’s passcode or extract data. 

By disabling the data connection after 60 minutes of inactivity, iOS prevents devices like forensic “phone unlockers” from downloading data through the port – effectively turning the Lightning connector into a charge-only interface until the owner unlocks the phone or explicitly allows a USB accessory.

Apple described the flaw as an “authorization issue” in the operating system’s logic that could let a malicious device or technique turn off USB Restricted Mode without a passcode.

In practical terms, an attacker with physical possession of a locked phone could exploit this bug to re-enable the data port, defeating the one-hour lockout and clearing the way for further intrusion.  

Related: Apple Rolls-Out USB Restricted Mode in iOS

Related: Apple Patches First Exploited iOS Zero-Day of 2025

Related: New iOS Security Feature Reboots Devices to Protect User Data

Related: Can ‘Lockdown Mode’ Solve Apple’s Mercenary Spyware Problem?

Related: Apple Adds ‘Lockdown Mode’ to Thwart .Gov Mercenary Spyware