InfoSecBulletin Cybersecurity for mankind
CISA has issued an urgent warning about a critical zero-day vulnerability in Apple iOS and iPadOS, known as CVE-2025-24200, which is currently being exploited in targeted attacks.
An authorization bypass flaw in Apple’s USB Restricted Mode allows attackers with physical access to turn off security protections on locked devices, risking exposure of sensitive data. The flaw is due to an incorrect authorization vulnerability (CWE-863) in Apple’s mobile operating systems.
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
Attackers can disable USB Restricted Mode, a security feature that limits USB access for locked devices after an hour of inactivity. This allows them to bypass protections against unauthorized data transfers and brute-force passcode attempts.
This vulnerability is especially worrisome for high-risk individuals like journalists, activists, and corporate executives, as their devices often hold sensitive information.
CISA confirmed the vulnerability is actively being exploited, but its connection to ransomware campaigns is not yet verified.
The agency included the flaw in its Known Exploited Vulnerabilities (KEV) catalog on February 12, 2025, requiring federal agencies to implement mitigations by March 5, 2025. Private-sector organizations and individuals are also urged to take similar action.
Apple has not confirmed if a patch is being developed, but CISA advises users to apply updates as soon as they’re available.
