AI description
CVE-2025-24091 is a vulnerability in iOS that leverages the "Darwin notification" system. This vulnerability allows any application, even those with sandbox restrictions, to trigger an unrecoverable "restore in progress" state on the device with a single line of code. The issue stems from the lack of sender verification or privilege gating in the Darwin notifications API, which enables a third-party app to send critical system-level notifications. A proof-of-concept app called "EvilNotify" demonstrated the vulnerability by using the `notify_post("com.apple.MobileSync.BackupAgent.RestoreStarted")` function call. This tricks the system into thinking a device restore is underway, freezing user interactions and requiring a device restart. Furthermore, embedding this exploit in a widget extension can cause a persistent loop, effectively "soft-bricking" the phone until a full device erase and restore from backup is performed. The vulnerability is addressed in iOS/iPadOS 18.3.
- Description
- An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service.
- Source
- product-security@apple.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-290
- Hype score
- Not currently trending
Comment Your IMEI to won Free Unlock Or -50% :) The vulnerability was assigned CVE-2025-24091 and addressed in iOS/iPadOS 18.3. ⬇️ https://t.co/2jlfb4h91M
@minacrissDev_
25 Jun 2025
383 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Comment Your IMEI to won Free Unlock Or -50% :) The vulnerability was assigned CVE-2025-24091 and addressed in iOS/iPadOS 18.3. ⬇️ https://t.co/aobGiQfDoX
@minacrissDev_
3 May 2025
599 Impressions
1 Retweet
4 Likes
1 Bookmark
0 Replies
1 Quote
CVE-2025-24091 An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17… https://t.co/4JuyrVVkgD
@CVEnew
30 Apr 2025
269 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
به تازگی آسیب پذیری جدیدی با کد شناسایی CVE-2025-24091 برای IOS منتشر شده است که می تواند فقط با یک خط کد باعث اکسپلویت شدن و Brick شدن این سیستم عامل شود. برای پیشگیری
@AmirHossein_sec
29 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Comment Your IMEI to won Free Unlock Or -50% :) The vulnerability was assigned CVE-2025-24091 and addressed in iOS/iPadOS 18.3. ⬇️ https://t.co/YPmtiUH0TB
@minacrissDev_
29 Apr 2025
739 Impressions
1 Retweet
4 Likes
3 Bookmarks
1 Reply
0 Quotes
iPhone을 벽돌로 만들 수 있었던 1줄짜리 코드 이야기 - Darwin Notification 시스템의 특성과 취약점을 이용해 iPhone을 벽돌화할 수 있었던 사례 소개 - 이 취약점은 CVE-2025-24091로 등록되었으며, 제보자는 $17,500(2500만원)
@GeekNewsHada
29 Apr 2025
1947 Impressions
10 Retweets
10 Likes
6 Bookmarks
1 Reply
1 Quote
🚨NSOC Advisory🚨 Heads-up, iPhone users! A newly disclosed vulnerability (CVE-2025-24091) can brick your device with a single notification, unless you’re on iOS 18.3 or later. Update now, lock down app/widget installs via Mobile Device Manager. https://t.co/25r7oPjzcq
@cirtgovjm
28 Apr 2025
258 Impressions
4 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Critical iOS flaw (CVE-2025-24091) allows apps to brick iPhones with one line of code. Update to iOS 18.3 now to stay protected! #iOSUpdate #CyberSecurity #AppleSecurity https://t.co/yzMFv4GL5B
@dailytechonx
28 Apr 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new iOS flaw (CVE-2025-24091) lets apps simulate a restore, making iPhones unresponsive until reset. It exploits the Darwin notification system’s lack of sender verification. Apple is aware, but no patch yet. #iOSVulnerability #CVE202524091 #AppleAlert #DarwinNotifications ht
@CloneSystemsInc
28 Apr 2025
56 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New iOS Vulnerability Could Brick iPhones With Just One Line of Code — Update Now! A newly disclosed critical flaw in iOS (CVE-2025-24091) shows how a single line of code could send iPhones into an endless reboot loop, effectively bricking devices until a full system rest
@efani
28 Apr 2025
303 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
iOSにおいて、たった1行のコードでiPhoneを恒久的に使用不能にする重大な脆弱性(CVE-2025-24091)が発見された。 この脆弱性は、Darwin通知システムを悪用し、無限リブートループを引き起こすものである。
@yousukezan
28 Apr 2025
21159 Impressions
141 Retweets
258 Likes
90 Bookmarks
0 Replies
4 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03B2CC01-9482-433A-A0D3-076683F4B012",
"versionEndExcluding": "17.7.3"
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD29C5E9-9427-4C41-873F-C29493B892E4",
"versionEndExcluding": "18.3",
"versionStartIncluding": "18.0"
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D81E83E3-DD8A-4392-96ED-2F88635D8430",
"versionEndIncluding": "18.3"
}
],
"operator": "OR"
}
]
}
]