Apple has urgently released an emergency security update for iPhones and iPads—iOS 18.3.1 and iPadOS 18.3.1—warning users about a critical zero-day vulnerability that has already been actively exploited in “extremely sophisticated” targeted attacks. The company has strongly urged all users to install the update immediately to prevent potential security breaches.
The vulnerability tracked as CVE-2025-24200, was initially discovered and reported by Bill Marczak of Citizen Lab, a cybersecurity research group that has uncovered various spyware-related exploits in the past. According to Apple, this flaw is an authorization issue that allows attackers to bypass key security measures, particularly USB Restricted Mode, which is designed to prevent unauthorized access to locked devices.
USB Restricted Mode was first introduced in iOS 11.4.1 as a security feature that blocks USB accessories from establishing a data connection if the device has been locked for more than an hour. However, the recently discovered flaw enables attackers to disable this protection, thereby exposing sensitive data stored on the device. Apple has explicitly warned that this vulnerability could be exploited in scenarios where hackers gain direct physical access to a user’s iPhone or iPad, making it particularly dangerous for individuals at high risk of targeted attacks, such as journalists, activists, business executives, and government officials.
The issue affects a wide range of Apple devices, including the iPhone XS and later models, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later). Even older devices, such as the iPad Pro 12.9-inch (2nd generation), iPad Pro 10.5-inch, and iPad (6th generation), are also impacted, making the update critical for a large number of users.
Apple has swiftly rolled out a fix for this exploit in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5. Given the high risk associated with the vulnerability, users are strongly advised to update their devices as soon as possible to prevent potential attacks.
To install the update, users should ensure they have a stable Wi-Fi connection and sufficient battery life before proceeding. The update process can be completed by opening the “Settings” app, navigating to “General,” selecting “Software Update,” and tapping “Download and Install” if the latest version—iOS 18.3.1, iPadOS 18.3.1, or iPadOS 17.7.5—is available. Once the update is downloaded and installed, the device will automatically restart to apply the security fixes.
Apple frequently issues security updates to address vulnerabilities, but this particular flaw is especially concerning due to its potential use in highly targeted attacks. While Apple has not disclosed specific details about who has been targeted by the exploit, past reports from Citizen Lab indicate that similar vulnerabilities have been used in spyware campaigns against political dissidents, human rights advocates, and high-profile individuals.
Beyond this update, security experts recommend that users enable additional protective measures such as Face ID or Touch ID, strong passcodes, and Apple’s Lockdown Mode, which is specifically designed to provide an extra layer of security for individuals at heightened risk of cyber threats.
As cyberattacks become more sophisticated, timely software updates remain one of the most effective ways to defend against emerging threats. Apple’s latest patch underscores the importance of staying up to date with security releases, especially when vulnerabilities are actively being exploited in real-world attacks. Therefore, users should not delay installing iOS 18.3.1 and iPadOS 18.3.1, as doing so could help safeguard their personal data and prevent unauthorized access to their devices.
