Apple is warning users of a security vulnerability in iPhones and iPads that may have been used in an “extremely sophisticated attack”. The iPhone maker has already issued patches to fix the issue in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5. Updates are available for iPhone XS and later, as well as iPad Pro, Air, and Mini models.
The vulnerability lies in the USB Restricted Mode feature Apple revealed in 2018. The feature disables data connections over the Lightning or USB port on an iPhone or iPad if the device has been locked for longer than an hour. This helps protect against attacks that could be carried out over a cable: only power is allowed to pass through, so the device keeps charging without a data connection. Once a user unlocks their device, the port starts functioning as usual.

The vulnerability was reported to Apple by Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and has been assigned the CVE ID CVE-2025-24200. Apple’s advisory said the issue was fixed with “improved state management.”
In typical fashion, the company didn’t disclose any details about the vulnerability, the attack vector, or any other technical information. It was, however, exceptionally vocal about the flaw’s impact, clearly stating that Apple is aware of a report “that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
Regardless, any devices that aren’t running the latest version of iOS or iPadOS are vulnerable. As mentioned before, the update is available for iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.