CVE-2025-24200 - Apple iOS and iPadOS Incorrect Authorization Vulnerability
Project:Apple
Product:iOS and iPadOS
Date Added:2025-02-12Due Date:2025-03-05
Vulnerability Name
Apple iOS and iPadOS Incorrect Authorization Vulnerability
Description
Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://support.apple.com/en-us/122173
https://nvd.nist.gov/vuln/detail/CVE-2025-24200
Related News Articles
Apple backports zero-day patches to older iPhones and MacsApril 1, 2025
Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS DevicesApril 1, 2025
Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted AttacksMarch 12, 2025
Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacksMarch 12, 2025
Serbian police used Cellebrite zero-day hack to unlock Android phonesMarch 1, 2025
