6.1

CVE-2025-24200

Warnung
Medienbericht
An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleiPadOS Version < 15.8.4
AppleiPadOS Version >= 16.0 < 17.7.5
AppleiPadOS Version >= 18.0 < 18.3.1
AppleiPhone OS Version < 15.8.4
AppleiPhone OS Version >= 16.0 < 18.3.1

12.02.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple iOS and iPadOS Incorrect Authorization Vulnerability

Schwachstelle

Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 37.61% 0.97
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 0.9 5.2
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.1 0.9 5.2
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://support.apple.com/en-us/122173
Vendor Advisory
Release Notes
https://support.apple.com/en-us/122174
Vendor Advisory
Release Notes
http://seclists.org/fulldisclosure/2025/Feb/7
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2025/Feb/8
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2025/Apr/7
Third Party Advisory
Mailing List