Apple releases emergency update iOS 18.3.1 and iPadOS 18.3.1 to fix actively exploited flaw

Apple has released an emergency security updates iOS 18.3.1 and iPadOS 18.3.1 on February 10, 2025, to address a zero-day vulnerability that was actively exploited in targeted attacks.

The critical severity vulnerability is tracked as CVE-2025-24200 (CVSS score 7.5) and affects the USB Restricted Mode feature, a security mechanism introduced in iOS 11.4.1 that blocks USB accessories from creating data connections when a device has been locked for over an hour. 

This feature was originally designed to prevent unauthorized data extraction using forensic tools like Graykey and Cellebrite, commonly employed by government agencies (both law enforcement and spy agencies).

The security flaw could allow an attacker with physical access to a locked device to disable the USB Restricted Mode protection. Apple has confirmed that this vulnerability was exploited in "extremely sophisticated" targeted attacks against specific individuals. The company addressed this authorization issue by implementing improved state management in the latest updates.

Affected devices include:

• iPhone XS and later
• iPad Pro 13-inch
• iPad Pro 12.9-inch (3rd generation and later)
• iPad Pro 11-inch (1st generation and later)
• iPad Air (3rd generation and later)
• iPad (7th generation and later)
• iPad mini (5th generation and later)
• iPad Pro 12.9-inch (2nd generation)
• iPad Pro 10.5-inch
• iPad (6th generation)

While there have been no confirmed reports of widespread exploitation, the targeted nature of the attacks and their sophistication level are concerning enough for Apple to release an emergency update. The company recommends immediate installation to prevent potential ongoing attack attempts.