CISA Warns of Active Exploitation of Apple iOS & iPadOS Vulnerability – GBHackers

Published onThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory warning of active exploitation of a critical security flaw in Apple’s iOS and iPad operating systems.Tracked as CVE-2025-24200, the vulnerability permits attackers with physical access to bypass critical security protections on locked devices, escalating risks of unauthorized data access and potential device compromise.The flaw stems from an incorrect authorization vulnerability (CWE-863) in Apple’s mobile operating systems.Attackers exploiting this weakness can disable USB Restricted Mode—a security feature that limits USB connectivity for locked devices after one hour of inactivity—thereby bypassing safeguards designed to prevent brute-force passcode attempts or unauthorized data transfers.This vulnerability is particularly concerning for high-risk individuals, such as journalists, activists, and corporate executives, whose devices may contain sensitive information.CISA confirmed the vulnerability’s active exploitation in the wild but noted that its linkage to ransomware campaigns remains unverified.🛡️ We added Apple iOS & iPadOS vulnerability CVE-2025-24200 and Mitel SIP Phones vulnerability CVE-2024-41710 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/dOIn6I9vuB & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec pic.twitter.com/iNtpmlxsGNThe agency added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on February 12, 2025, mandating federal agencies to apply mitigations by March 5, 2025. Private-sector organizations and individuals are strongly advised to follow suit.Apple has not publicly commented on whether a patch is in development, but CISA’s advisory instructs users to apply vendor-provided updates immediately upon release.If mitigations are unavailable, the agency recommends discontinuing use of vulnerable devices—a drastic measure underscoring the flaw’s severity.Security experts emphasize the urgency of addressing this vulnerability. “USB Restricted Mode is a cornerstone of iOS security,” said Jane Harper, a mobile security researcher at Kaspersky.“Its compromise could expose millions of users to clandestine data theft or device manipulation, particularly if their phones are stolen.”The exploit’s physical-access requirement narrows its applicability but heightens risks in targeted attacks. Forensic firms and malicious actors alike could leverage this flaw to extract data without triggering Apple’s security protocols.This scenario mirrors 2019’s GrayKey exploits, where law enforcement agencies used similar vulnerabilities to access locked iPhones.CISA’s advisory follows a pattern of escalating warnings about iOS vulnerabilities, reflecting Apple’s expanding threat landscape. In 2024, the agency flagged three zero-day flaws exploited in mercenary spyware campaigns targeting U.S. entities.As the March 5 mitigation deadline approaches, CISA’s alert serves as a stark reminder of the persistent threats facing mobile ecosystems.Users are urged to prioritize device updates and maintain heightened physical security practices until a permanent fix is deployed.Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup – Try for FreeRecent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.Discussion points
Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.CompanyTrendingCategoriesCopyright @ 2016 – 2024 GBHackers On Security – All Rights Reserved

Source: https://gbhackers.com/cisa-warns-apple-exploitation/