New Update Apple fixes zero-day exploited in 'extremely sophisticated' attacks

Gandalf_The_Grey

Gandalf_The_Grey

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,601
Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and "extremely sophisticated" attacks.

"A physical attack may disable USB Restricted Mode on a locked device," the company revealed in an advisory targeting iPhone and iPad users.

"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals."

The vulnerability (tracked as CVE-2025-24200 and reported by Citizen Lab's Bill Marczak) is an authorization issue addressed in iOS 18.3.1 and iPadOS 18.3.1 with improved state management.

The list of devices this zero-day impacts includes:
  • iPhone XS and later,
  • iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Even though this vulnerability was only exploited in targeted attacks, it is highly advised to install today's security updates immediately to block potentially ongoing attack attempts.
Click to expand...
www.bleepingcomputer.com

Apple fixes zero-day exploited in 'extremely sophisticated' attacks

Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and "extremely sophisticated" attacks.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • +Reputation
  • Like
Reactions: Sorrento, simmerskool and silversurfer
Vitali Ortzi

Vitali Ortzi

Level 29
Verified
Top Poster
Well-known
Dec 12, 2016
1,891
physical attack may disable USB Restricted Mode on a locked device
They probably found it in an active attack since Citizen Lab already reported other atp actively used attacks

Usually it's always some software governments contract from Israeli companies and I wouldn't be surprised if it's the same here
If that's the stuff allowed to be sold and used overseas who knows what exploit kits Israel keeps for itself


No wonder Hezbollah moved from iphones to pagers but even then a supply chain attack made sure every pager was a bomb and the main station used to send messages to the pagers was compromised too


Not sure what Israel can't "hack" as they can just implant spying, explosives into "unhackable devices"

Thankfully Israel is on the western free society side and is a mainly defensive force
As if terrorists had this tech we probably would all gone to the stone age in order to stay secure
 
Last edited:
  • Wow
  • Like
  • Hundred Points
Reactions: Sorrento, Game Of Thrones and simmerskool

Similar threads

enaph
    • Like
    • +Reputation
New Update Apple releases final iOS 17.5 build
Replies
1
Views
727
macOS, iOS & iPadOS
Bot
Bot
Gandalf_The_Grey
    • Like
    • +Reputation
New Update Apple Intelligence Arrives in iOS 18.1, iPadOS 18.1, and macOS Sequoia 15.1
Replies
5
Views
528
macOS, iOS & iPadOS
oldschool
oldschool
Gandalf_The_Grey
    • Like
    • +Reputation
    • Thanks
New Update Apple discloses 2 new zero-days exploited to attack iPhones, Macs
Replies
1
Views
2,762
macOS, iOS & iPadOS
CyberTech
CyberTech

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top