Apple Fixes Actively Exploited iOS, iPadOS Zero-Day Flaw

Updates have been issued by Apple to fix an iOS and iPadOS zero-day flaw, tracked as CVE-2025-24200, thought to have been leveraged in advanced targeted intrusions that deactivated locked devices' USB Restricted Mode functionality, Security Affairs reports.

The vulnerability — which was discovered and reported by The Citizen Lab at the University of Toronto Munk School of Global Affairs — affects iPhone XS and later, iPad 7th generation and later, iPad mini 5th generation and later, all iPad Pro 11-inch generations, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd gen and later, and iPad Air 3rd generation and later.

Additional details regarding the attacks were not provided by Apple, but findings from Citizen Lab suggest the zero-day was exploited to facilitate commercial spyware compromise. The development comes more than a year after Citizen Lab researchers reported attacks involving the BLASTPASS exploit, which combined the Apple zero-days CVE-2023-41064 and CVE-2023-41061 to spread NSO Group's Pegasus spyware.
