USB-C Connection Vulnerability in Apple iOS and iPadOS Devices
CVE-2025-24193

2.4LOW

Key Information:

Vendor: Apple
Status: iOS And iPad OS
Vendor: CVE Published:; 31 March 2025

Summary

A security vulnerability in Apple iOS and iPadOS allows unauthorized access to photos on unlocked devices through a USB-C connection. This issue could enable attackers to programmatically access sensitive user photos, highlighting the importance of robust authentication measures. Apple has addressed this issue in the latest updates, emphasizing the need for users to update to iOS 18.4 and iPadOS 18.4 to safeguard their devices.

Affected Version(s)

iOS and iPadOS < 18.4

References

https://support.apple.com/en-us/122371

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 31, 2025
Vulnerability Reserved
Jan 17, 2025