CVE-2025-24091
AI description
CVE-2025-24091 is a vulnerability in iOS involving the "Darwin notification" system. It allows any application, even one with sandbox restrictions, to trigger an unrecoverable "restore in progress" state on the device with a single line of code. The issue stems from the lack of sender verification or privilege gating in the Darwin notifications API, which lets a third-party app send critical system-level notifications. A proof-of-concept app called "EvilNotify" demonstrated the vulnerability with the call `notify_post("com.apple.MobileSync.BackupAgent.RestoreStarted")`. This tricks the system into thinking a device restore is underway, freezing user interaction and requiring a device restart. Furthermore, embedding the exploit in a widget extension can cause a persistent loop, effectively "soft-bricking" the phone until a full device erase and restore from backup is performed. The vulnerability is addressed in iOS/iPadOS 18.3.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
Hype score: 34
Critical iOS flaw (CVE-2025-24091) allows apps to brick iPhones with one line of code. Update to iOS 18.3 now to stay protected! #iOSUpdate #CyberSecurity #AppleSecurity https://t.co/yzMFv4GL5B
@dailytechonx
28 Apr 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new iOS flaw (CVE-2025-24091) lets apps simulate a restore, making iPhones unresponsive until reset. It exploits the Darwin notification system’s lack of sender verification. Apple is aware, but no patch yet. #iOSVulnerability #CVE202524091 #AppleAlert #DarwinNotifications ht
@CloneSystemsInc
28 Apr 2025
51 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New iOS Vulnerability Could Brick iPhones With Just One Line of Code — Update Now! A newly disclosed critical flaw in iOS (CVE-2025-24091) shows how a single line of code could send iPhones into an endless reboot loop, effectively bricking devices until a full system rest
@efani
28 Apr 2025
297 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
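A critical vulnerability (CVE-2025-24091) has been discovered in iOS that can render an iPhone permanently unusable with just one line of code. This vulnerability abuses the Darwin notification system to cause an infinite reboot loop.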
@yousukezan
28 Apr 2025
19210 Impressions
133 Retweets
227 Likes
80 Bookmarks
0 Replies
4 Quotes