It is true that today, with all due respect to Samsung's smartphones and their Knox security suite, the iPhone is one of the most secure phones on the market. However, secure does not mean impregnable, and history has shown that, however advanced its system is, it is not perfect, making it clear that nothing and no one is safe from cybercriminals.
In fact, less than a week ago a new vulnerability was discovered in Apple software, identified as CVE-2025-24200, which allowed a sophisticated attack that disabled USB Restricted Mode, a feature implemented in 2018 to prevent unauthorized access to devices through the phone's connector. This mode deactivates USB data transfer if the device has not been unlocked in a week, preventing attacks with tools such as GrayKey, used by some security agencies to unlock iPhones.
Apple has already fixed the problem with a patch, but the fact that it is fixed does not mean it did not happen, as has repeatedly been the case with some of the most famous iPhone hacks.
Apple’s security is not invincible
Apple has worked for years to improve the security of its devices, but no system is infallible. It is not just the aforementioned vulnerability CVE-2025-24200: we all remember historical attacks such as Celebgate and (if you know something about this world) the vulnerability in CocoaPods, which make it clear that the iPhone is not as safe as it is made out to be.
Celebgate, Apple's most famous hack
One of the best-known hacks in the history of Apple occurred in 2014 with the case known as Celebgate. In this attack, hackers accessed the iCloud accounts of several celebrities and leaked hundreds of private photos on the Internet. Although it was initially thought to be a gap in iCloud's security, Apple clarified that the attackers used phishing and brute force attacks to obtain the victims' access credentials.
This incident highlighted the importance of two-step authentication and of using strong passwords, while demonstrating that having the most secure operating system in the world does not matter if the user does not use it properly and enables this kind of unauthorized access.
CocoaPods, a threat hidden for 10 years
Without going back so far, just last year a flaw in CocoaPods, a popular open source repository for Apple developers, put the security of millions of iOS and macOS applications at risk. Discovered by researchers at EVA Information Security, this problem went more than a decade without being detected and affected about three million applications, a number too high for what we are accustomed to in the Apple ecosystem.
CocoaPods is an essential tool for developers, since it makes it easy to integrate third-party code into their apps. However, this vulnerability showed how a flaw in a critical component can compromise the security of an entire ecosystem. In this case, the weakness was in the email verification mechanism used to authenticate developers, which potentially allowed attackers to access sensitive information of millions of users.
Checkm8, not even a factory restore saves your iPhone
Here we are talking about an exploit that affected millions of devices with Apple chips ranging from the A5 to the A11 (that is, from the iPhone 4s to the iPhone X). It allowed a permanent jailbreak by taking advantage of a bootrom flaw, the supposedly unalterable part of the iPhone software, and, although it could not be corrected with updates, its use required physical access to the device.
What made Checkm8 especially serious is that, being in the bootrom, not even a factory restore can eliminate the vulnerability. It became a very popular tool in the hacker community, which competes to be the first to jailbreak each new version. But, of course, every tool has its dark side, and it also became a potential attack route for cybercriminals wanting to take control of the device.
Fortunately, the most recent iPhone models have reinforced their security measures, and although Checkm8 remains a real threat to affected devices, it is now hardly used.
Pegasus, affecting both Android and iOS
You have surely heard in the news about this sophisticated spyware developed by the Israeli company NSO Group, which has been used to spy on journalists, activists and politicians worldwide. It affects devices running Google's operating system just as it does those running iOS.
Pegasus takes advantage of zero-day vulnerabilities in the iPhone to install itself without the user noticing, accessing sensitive data such as messages, calls and locations. Its infiltration capability is such that it does not even require the victim to click on a link, since it can be delivered by methods such as WhatsApp calls or invisible messages in iMessage.
It is true that, since its discovery, Apple has worked on patches to mitigate these attacks, but NSO Group continues to find new ways to evade protections. This has led Apple to take legal action against the company and to implement advanced security features such as "Lockdown Mode" in iOS, designed for users at high risk of being attacked with this type of software.
Remember that the best way to protect an iPhone is to keep it updated with the latest versions of iOS, activate two-step authentication and be careful when using third-party applications. Apple will continue to reinforce its ecosystem, but common sense will always be the best security tool you can use with your phones, be they Apple or any other brand.