Apple Releases Urgent Software Patch for USB Vulnerability

Trouble in paradise? Apple released a security update to fix an issue which may expose a security risk. The security risk stems from the USB protocol.

Apple isn’t sharing details about who is being targeted, no surprise there.

The vulnerability, known as CVE-2025-24200, could allow someone with physical access to an iPhone to turn off USB Restricted Mode, even if the device is locked.

USB Restricted Mode is the highest probability of having your device exposed to the security risk. The “restricted mode” is a security feature that stops unauthorized people from accessing an iPhone’s data through the lightning port. When this feature is on, the port only allows charging if the phone has been locked for more than an hour. This makes it harder for hackers to break into a locked phone without the correct login information.

The update is available for iPhone XS and newer models, as well as several iPad models, including iPad Pro 13-inch, iPad Pro 12.9-inch (third generation and later), iPad Pro 11-inch (first generation and later), iPad Air (third generation and later), iPad (seventh generation and later), and iPad mini (fifth generation and later).

If you have one of these devices, please update your software as soon as possible. You can check for updates in your device settings.

These types of security flaws are often used by spyware companies, like Pegasus, to spy on specific people. The average user isn’t at risk right now since the details of the attack haven’t been shared publicly. However, if they do get published, criminals could copy the method, making updates even more important.

A cyberattack on a mobile device happens when hackers try to gain access to a smartphone or tablet to steal information, take control, or cause harm. These attacks can occur in different ways, including malicious apps, phishing scams, security flaws, or even physical access to the device.

Malware is one of the most common threats, where harmful software is installed to steal data, track activity, or take over the device. Phishing attacks trick users into providing personal information or login credentials through fake emails, messages, or websites.