Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of a Zero-Day Vulnerability in Apple Products
Alerts

Active Exploitation of a Zero-Day Vulnerability in Apple Products

11 February 2025

Apple has released security updates addressing a zero-day vulnerability (CVE-2025-24200) affecting their products. This vulnerability is reportedly being actively exploited.

Successful exploitation of the vulnerability could allow an unauthenticated attacker to disable USB Restricted Mode on the vulnerable device. After disabling the USB Restricted Mode, the attacker could gain unauthorised access to the device's data through USB connections.

The vulnerabilities affect the following products:

  • iPhone XS and later

  • iPad Pro 13-inch

  • iPad Pro 12.9-inch 3rd generation and later

  • iPad Pro 11-inch 1st generation and later

  • iPad Pro 12.9-inch 2nd generation

  • iPad Pro 10.5-inch

  • iPad Air 3rd generation and later

  • iPad mini 5th generation and later

  • iPad 7th generation and later

  • iPad 6th generation

Users and administrators of affected products are advised to update to the latest versions immediately.

Users are also strongly encouraged to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.

More information is available here:

https://support.apple.com/en-us/122173 

https://support.apple.com/en-us/122174

https://nvd.nist.gov/vuln/detail/CVE-2025-24200

https://www.bleepingcomputer.com/news/apple/apple-fixes-zero-day-exploited-in-extremely-sophisticated-attacks/