
Advisory 2025-0266 - Apple iOS: Vulnerability allows bypassing security measures

Attention: You can now also find information from the Vulnerability Advisory Service in the CTI portal!
The CTI portal is available at the following address: https://cti-portal.telekom.net/advisories/2025-0266
Notice: This advisory is by exception shown completely public. You will regularly receive details on vulnerability information as a customer via your login or through our daily advisory e-mail.
Attack probability: 2 (low-medium)
Potential damage: 4 (medium-high)
physical attacker
Exploit available
Date: 2025-02-11
Release: 2025-04-01 UPDATE

Operating System

  • iPhoneOS

Software

  • Apple iOS < 18.3.1
  • Apple iPadOS < 17.7.5
  • Apple iPadOS < 18.3.1

UPDATE 2025-04-01

  • Apple iOS < 15.8.4
  • Apple iOS < 16.7.11
  • Apple iPad < 15.8.4
  • Apple iPadOS < 16.7.11

Attack

An attacker with physical access can exploit a vulnerability in Apple iOS and Apple iPadOS in order to bypass security measures.

Description

Apple iOS (formerly iPhone OS) is the operating system for the iPhone, iPad and iPod Touch, developed by Apple Inc. Apple iPadOS is the operating system for the iPad, also developed by Apple Inc.

CVE-2025-24200

There is a vulnerability in Apple iOS and Apple iPadOS that has not been described in detail. An attacker with physical access to an affected device can disable or bypass the "USB Restricted Mode" and thereby access data on a locked device.

CVSSv2 Base Score: 5.6 / Temporal Score: 4.9
AV:L/AC:H/AU:N/C:C/I:C/A:N/E:H/RL:OF/RC:ND
CVSSv3.1 Base Score: 6.8 / Temporal Score: 6.5
AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:H/RL:O/RC:X

Apple reports active exploitation of this vulnerability.

Recommendation

Apple provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://support.apple.com/en-us/122173
https://support.apple.com/en-us/122174

UPDATE 2025-04-01
https://support.apple.com/en-us/122346
https://support.apple.com/en-us/122345
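
To apply the recommendation across a device fleet, the following added example (not part of the advisory or of any Apple tooling) compares inventory rows against the per-branch thresholds from the "Software" list. The inventory rows and function names are constructed for illustration; reading the "Apple iPad < 15.8.4" entry as iPadOS 15.8.4, and treating a branch with no listed fix as patched only by the newest fixed release, are assumptions.

```python
# Added example: thresholds copied from the advisory's "Software" list.
# (platform, major branch) -> first version listed as no longer affected.
# Assumption: the "Apple iPad < 15.8.4" entry refers to iPadOS 15.8.4.
FIXED = {
    ("iOS", 15): (15, 8, 4), ("iOS", 16): (16, 7, 11), ("iOS", 18): (18, 3, 1),
    ("iPadOS", 15): (15, 8, 4), ("iPadOS", 16): (16, 7, 11),
    ("iPadOS", 17): (17, 7, 5), ("iPadOS", 18): (18, 3, 1),
}

def parse_version(text):
    """Turn '18.3' into (18, 3, 0); raise ValueError on anything malformed."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3 or any(p < 0 for p in parts):
        raise ValueError(f"bad version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def assess(platform, version_text):
    """Return (status, target); status is 'patched', 'affected' or 'unknown'."""
    floors = {b: v for (p, b), v in FIXED.items() if p == platform}
    try:
        version = parse_version(version_text)
    except ValueError:
        return ("unknown", None)  # version string could not be parsed
    if not floors:
        return ("unknown", None)  # platform not covered by this advisory
    # Assumption: a branch with no listed fix (e.g. iOS 17) is only patched
    # by moving to the newest fixed release for that platform.
    target = floors.get(version[0], max(floors.values()))
    if version >= target:  # numeric tuple compare, so 16.7.10 < 16.7.11
        return ("patched", None)
    return ("affected", ".".join(map(str, target)))

# Constructed inventory rows (device id, platform, OS version), e.g. an MDM export.
INVENTORY = [
    ("phone-01", "iOS", "18.3.1"),
    ("phone-02", "iOS", "17.7.2"),
    ("pad-01", "iPadOS", "17.7.4"),
    ("pad-02", "iPadOS", "17.7.5"),
    ("phone-03", "iOS", "16.7.10"),
    ("kiosk-01", "iPadOS", "n/a"),
]

def triage(rows):
    """Map each device id to its (status, target) assessment."""
    return {dev: assess(platform, ver) for dev, platform, ver in rows}

if __name__ == "__main__":
    for dev, (status, target) in triage(INVENTORY).items():
        print(f"{dev:9} {status:8} {'update to ' + target if target else ''}")
```

Devices reported as "unknown" need a manual check rather than being counted as patched.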

Information

Apple Security Advisory dated 2025-02-10
https://support.apple.com/en-us/122173

Apple Security Advisory dated 2025-02-10
https://support.apple.com/en-us/122174

UPDATE 2025-04-01

Apple Security Advisory 122346 dated 2025-03-31
https://support.apple.com/en-us/122346

Apple Security Advisory 122345 dated 2025-03-31
https://support.apple.com/en-us/122345

References

APPLE:122173
APPLE:122174
APPLE:122345
APPLE:122346
CVE:CVE-2025-24200

Disclaimer

*The probability of an attack is determined by the attacker's motivation, the effort required and the opportunities for an attack. The damage probability is determined by the effort needed to resolve the attack and the probable indirect consequences of an attack for business processes. Telekom Security assumes worst-case scenarios.

Copyright © 1999-2025 Deutsche Telekom Security GmbH. All rights reserved. Reproduction and distribution of this publication in any form - even in parts - without prior written permission is forbidden.

The information contained herein has been obtained from sources believed to be reliable and trusted or have been verified. Telekom Security can take liability for completeness, accuracy and correctness only in so far, as gross negligence or intention create liability. Any liability beyond it, in particular possible damages resulting from using or non-usability of the information contained herein, is excluded.