Criminals are blasting iPhones and iPads with "sophisticated" attacks
iPad and iPhone users urged to update immediately as advanced new threat to Apple's walled garden emerges.
Once upon a time, far too many people believed that Apple devices simply didn't get viruses.
Those halcyon days are now very much over, with new Apple exploits and vulnerabilities emerging on a worryingly regular cadence.
That sad fact swam into focus once more this week after Cupertino warned that iPhone and iPad users are being targeted in "extremely sophisticated" attacks.
Apple's acolytes have been urged to update their devices immediately or face the consequences.
Cupertino's security team has now patched CVE-2025-24200, which was first reported by Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School.
Apple wrote: "A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals."
The issue was fixed in iOS 18.3.1 and iPadOS 18.3.1. Get more information here.
"An authorization issue was addressed with improved state management," Apple said.
Do Apple devices get viruses?
Erm, yes. We're asking that question because it's a popular search term. Apple users may feel protected in its walled garden, but the bad guys are always looking for ways to penetrate paradise. Users should be sure to remember what happened to Adam and Eve in their lovely safe garden.
Adam Boynton, Senior Security Strategy Manager EMEIA at Jamf, told Machine: “It’s essential that all iOS users immediately update as a critical security flaw is currently being exploited by criminals.
"By taking advantage of this flaw, an attacker could obtain full admin access to the device, enabling them to impersonate the owner and execute any software on their behalf.
"According to Apple’s advisory, this is not a remotely executable vulnerability. The attacker would most likely need physical control of the user’s device to disable USB Restricted Mode on a locked device. As this is a sophisticated, physical attack, it is likely to target select high-value individuals.
"Although this is a targeted attack, we strongly recommend that all users update their Apple devices to iOS 18.3.1. Keeping devices up to date with the latest patches is one of the most effective ways to safeguard against attackers."
Apple has faced some severe security threats over the years, but among the worst were Pegasus and BlastDoor.
- Pegasus: A highly sophisticated spyware developed by NSO Group, capable of zero-click exploits, allowing attackers to remotely take over iPhones without user interaction. It could access messages, calls, and even turn on the camera and microphone.
- BlastDoor bypass (CVE-2021-30860): A zero-day flaw in iMessage that allowed attackers to execute code remotely by simply sending a malicious message, bypassing Apple’s security sandbox.
Have you got a story or insights to share? Get in touch and let us know.
