Critical Zero-Day in iOS Exposed; Urgent Patching Required

On February 11, 2025, a critical zero-day vulnerability (CVE-2025-24200) affecting Apple’s iOS and iPadOS was reported, allowing attackers to disable USB Restricted Mode on locked devices. This flaw poses a severe risk as it can facilitate unauthorized access to sensitive data. Apple has released an urgent update to patch this vulnerability, highlighting the necessity for immediate user action to mitigate the risk of exploitation. Current reports indicate that the vulnerability is actively being exploited in sophisticated attacks targeting high-profile individuals. Security professionals are advised to ensure that all devices are updated promptly to safeguard against potential breaches. Hacker News

Also In Security Today

GrubHub Data Breach: A data breach at GrubHub, traced to a third-party vendor, compromised customer and partner information, though no complete payment details were stolen. SSL.com

HCRG Care Group Ransomware Attack: HCRG Care Group faced a ransomware attack that threatened the exposure of sensitive data, underscoring vulnerabilities in healthcare cybersecurity. CSHub

Unimicron Cyber Attack: The PCB manufacturer Unimicron fell victim to a new ransomware called "Sarcoma," which threatened to publish stolen data unless ransom demands were met. CM Alliance

Analyst's Take

Today's discovery of CVE-2025-24200 highlights the critical nature of maintaining up-to-date security measures in mobile operating systems. The active exploitation of this vulnerability demonstrates the growing sophistication of threat actors. Organizations must prioritize patch management and educate users on the importance of timely updates. Additionally, the breaches at GrubHub and HCRG Care Group emphasize the ongoing risks associated with third-party vendors, urging a reevaluation of supply chain security practices. The trend toward targeting high-profile entities further necessitates strategic defenses against ransomware and data exposure threats.