Security researchers provided a deep-dive into a high-profile vulnerability in Apple’s iOS.

Designated CVE-2025-24200, the vulnerability is classified as an authentication bypass flaw related to the way iOS devices interact with USB connections. The flaw was made public with the release of iOS 18.3.1, which resolves the issue.

Credit for discovery of the vulnerability was given to Citizen Lab.

As the vulnerability is now public and a patch is available, security experts are able to dissect the issue and explain why it is such a big deal for iOS device owners. Security consultancy Quarkslab said that the flaw could allow threat actors to bypass USB lockouts.

The researchers explained that, under normal circumstances, iOS devices will lock down their USB connector after a period of inactivity. While the device can still draw power from the connection, any sort of data interaction should be disabled until the user re-authenticates on the device.

“This is essential to mitigate sophisticated attacks involving external devices such as forensic extractors,” the Quarkslab team explained.

“Being able to bypass this mechanism from the lock screen would restore the possibility to use such devices.”

Such forensic extractors are a favored tool of both national and local law enforcement agencies looking to access locked devices during criminal investigations.

While many of the vendors who sell the devices claim a strict code of ethics, forensic extractors have been found in the hands of oppressive government regimes looking to illegally spy on opposing activists and journalists.

In this case, the vulnerability is present in the way the iOS Assistive Touch feature reacts to USB connections.
It was found that a specially crafted script would be able to bring up an alert notice which, when clicked, would automatically disable or sidestep many of the restrictions on data connections.

In practice, this would allow any device with a “Made for iPhone” designation to access those protocols and extract data from the device even if the user has not performed an unlock.

“While the device is in restricted mode, the USB protocol is completely disabled. However, other protocols can be used freely over the lightning port. This is for instance the case of the iAP2 protocol that can be used by MFi devices,” the Quarkslab team explained.

“That is why we think plugging this kind of device to an iPhone with Switch Control enabled may be enough to make the popup appear and disable USB restricted mode from the lock screen before iOS 18.3.1.”

Users and administrators are advised to update all iOS devices to the 18.3.1 update to remedy the vulnerability.