Cybersecurity News: Newly Disclosed Exploits Target Apple iOS and Mitel SIP Devices
Mar 04, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently expanded its Known Exploited Vulnerabilities (KEV) catalog to include critical flaws affecting Apple iOS and iPadOS devices, as well as Mitel SIP (Session Initiation Protocol) phones. This action underscores the pressing need for organizations and individuals to address these vulnerabilities to safeguard their systems against potential exploits by hackers.
Apple iOS and iPadOS Vulnerability (CVE-2025-24200)
In early February 2025, Apple released emergency security updates to rectify a zero-day vulnerability identified as CVE-2025-24200. This flaw pertains to an incorrect authorization issue that could allow attackers with physical access to a device to disable the USB Restricted Mode on a locked device. USB Restricted Mode, introduced in iOS 11.4.1, is a security feature designed to prevent unauthorized data access via the device's Lightning port by disabling data connections after a specified period of inactivity.
The vulnerability affects a range of devices, including:
- iPhone XS and later models
- iPad Pro 13-inch
- iPad Pro 12.9-inch (3rd generation and later)
- iPad Pro 11-inch (1st generation and later)
- iPad Air (3rd generation and later)
- iPad (7th generation and later)
- iPad mini (5th generation and later)
Apple addressed this security gap in iOS 18.3.1 and iPadOS 18.3.1 by enhancing state management protocols. The company acknowledged reports suggesting that this vulnerability had been widely exploited in "extremely sophisticated" attacks targeting specific individuals. While Apple has not publicly disclosed detailed information about these attacks or the threat actors involved, the discovery by researchers at Citizen Lab indicates potential use of the exploit in deploying commercial spyware in highly targeted operations. Such attacks often focus on journalists, dissidents, and political figures, utilizing zero-day exploits to compromise devices.
Mitel SIP Phones Vulnerability (CVE-2024-41710)
The second critical vulnerability just added to CISA's KEV catalog is CVE-2024-41710, which affects Mitel 6800, 6900, and 6900w series SIP phones, including the 6970 Conference Unit up to firmware version R6.4.0.HF1 (R6.4.0.136). Discovered in mid-2024, this argument injection vulnerability allows an authenticated attacker with administrative privileges to execute arbitrary commands due to insufficient parameter sanitization during the boot process.
Mitel released firmware updates in July 2024 to address this issue. However, by January 2025, security researchers observed a new variant of the Mirai-based botnet, known as Aquabot v3, actively exploiting this vulnerability. Aquabot is malware designed to launch Distributed Denial of Service (DDoS) attacks, and this third iteration introduces novel functionality, including command-and-control communication upon receiving specific signals. The botnet specifically targets the CVE-2024-41710 flaw in vulnerable Mitel SIP phones, posing significant risks to organizations that use these devices.
CISA's Directive and Recommendations
In response to the active exploitation of these vulnerabilities, CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies remediate the identified vulnerabilities by March 5, 2025, to protect their networks from potential threats. While this directive specifically applies to federal government agencies, CISA strongly advises private sector organizations to review the KEV catalog and address these vulnerabilities within their infrastructures promptly.
Mitigation Measures
To protect against potential exploits related to these vulnerabilities, the following actions are recommended:
- For Apple iOS and iPadOS Devices: Users should immediately update their devices to iOS 18.3.1 or iPadOS 18.3.1. These updates are available for download through the device's settings under "Software Update." Ensuring the latest security patches are applied by regularly updating devices helps mitigate known vulnerabilities.
- For Mitel SIP Phones: Organizations using affected Mitel SIP phone models should upgrade to the latest firmware version provided by Mitel. This update addresses the CVE-2024-41710 vulnerability. Additionally, it's advisable to monitor network traffic for unusual activities associated with botnet behavior and implement network segmentation to limit potential spread.
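One way to turn these two recommendations into a fleet check, as an added example that is not part of the original article: it compares an inventory export against the fixed iOS/iPadOS release and the last affected Mitel build named above. The record layout, host names, platform labels and the `6.4.0.200` build are constructed assumptions, as is the premise that your inventory reports Mitel firmware as a dotted build number.

```python
import re

# Thresholds taken from the article; everything else here is constructed.
IOS_FIXED = (18, 3, 1)            # iOS / iPadOS release that fixes CVE-2025-24200
MITEL_LAST_VULN = (6, 4, 0, 136)  # R6.4.0.HF1 (R6.4.0.136): last affected build
MITEL_SERIES = ("68", "69")       # 6800 / 6900 / 6900w series, incl. the 6970

# Constructed sample inventory (hypothetical hosts, labels and versions).
INVENTORY = [
    {"host": "iphone-014", "platform": "ios", "model": "iPhone 13", "version": "18.3"},
    {"host": "ipad-002", "platform": "ipados", "model": "iPad Air 5", "version": "18.3.1"},
    {"host": "desk-101", "platform": "mitel-sip", "model": "6920", "version": "R6.4.0.136"},
    {"host": "desk-102", "platform": "mitel-sip", "model": "6940", "version": "6.4.0.200"},
    {"host": "conf-001", "platform": "mitel-sip", "model": "6970", "version": "R6.4.0.HF1"},
]

def parse_version(text):
    """Turn '18.3.1' or 'R6.4.0.136' into a tuple of ints; None if unparseable."""
    match = re.fullmatch(r"[Rr]?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in match.group(1).split(".")) if match else None

def pad(version, length):
    # Right-pad with zeros so that '18.3' compares as 18.3.0.
    return version + (0,) * (length - len(version))

def assess(device):
    """Return (status, reason) for one inventory record."""
    version = parse_version(device["version"])
    if version is None:
        # Labels such as 'R6.4.0.HF1' carry no build number: check by hand.
        return ("review", "unparseable version string")
    if device["platform"] in ("ios", "ipados"):
        if pad(version, 3) < IOS_FIXED:
            return ("vulnerable", "CVE-2025-24200: below 18.3.1")
        return ("ok", "at or above 18.3.1")
    if device["platform"] == "mitel-sip":
        if not device["model"].startswith(MITEL_SERIES):
            return ("review", "model outside the series named in the article")
        if pad(version, 4) <= MITEL_LAST_VULN:
            return ("vulnerable", "CVE-2024-41710: at or below R6.4.0.136")
        return ("ok", "newer than R6.4.0.136")
    return ("review", "platform not covered by this check")

def report(inventory):
    """Map each host to its status: 'ok', 'vulnerable' or 'review'."""
    return {d["host"]: assess(d)[0] for d in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {status}")
```

Records that come back as `review` need a manual look rather than being counted as patched.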
Conclusion
The inclusion of these vulnerabilities in CISA's Known Exploited Vulnerabilities catalog highlights the critical importance of timely patch management and system updates. Both individuals and organizations must remain vigilant, ensuring that all devices and systems are up-to-date with the latest security patches to defend against emerging threats. Proactive measures, such as regular software updates and network monitoring, are essential components of a robust cybersecurity strategy.