New iOS Critical Vulnerability That Could Brick iPhones With a Single Line of Code

A critical vulnerability in iOS could allow malicious applications to permanently disable iPhones with just a single line of code.
The vulnerability, assigned CVE-2025-24091, leverages the operating system’s Darwin notifications system to trigger an endless reboot cycle, effectively “bricking” devices and requiring a complete system restore.
iOS Darwin Notification Vulnerability
The vulnerability exploits Darwin notifications, a low-level messaging mechanism within the CoreOS layer that allows processes to communicate system-wide events.
Unlike more commonly known notification systems such as NSNotificationCenter or NSDistributedNotificationCenter, Darwin notifications are part of a legacy API that operates at a fundamental level across Apple’s operating systems.
“Darwin notifications are even simpler, as they’re a part of the CoreOS layer. They provide a low-level mechanism for simple message exchange between processes on Apple’s operating systems,” explained Guilherme Rambo, the security researcher who discovered the vulnerability.
The critical flaw stems from the fact that any application on iOS could send sensitive system-level Darwin notifications without requiring special privileges or entitlements.
The most dangerous aspect was that these notifications could trigger powerful system functions, including entering a “restore in progress” mode.
The One-Line Exploit
The exploit is remarkably simple, as just a single line of code could trigger the vulnerability:
When executed, this code forces the device to enter a “Restore in Progress” state. Since no actual restore is occurring, the process inevitably fails, prompting the user to restart the device. The researcher created a proof-of-concept attack called “VeryEvilNotify” that implemented this exploit within a widget extension.
“Widget extensions are periodically woken up in the background by iOS,” noted the researcher.
“Because of how widespread the use of widgets is on the system, when a new app that includes a widget extension is installed and launched, the system is very eager to execute its widget extension.”
By placing the exploit in a widget that repeatedly crashes after sending the notification, the researcher created a persistent attack that would trigger after each restart, creating an endless loop that rendered the device unusable.
Risk Factors | Details
Affected Products | iOS (iPhones and iPads running versions prior to iOS/iPadOS 18.3)
Impact | Denial of Service (DoS)
Exploit Prerequisites | Any sandboxed app or widget extension can trigger the exploit; no special privileges required
CVSS 3.1 Score | High
Mitigations
Apple addressed the vulnerability in iOS 18.3 by implementing a new entitlement system for sensitive Darwin notifications. The researcher was awarded a bug bounty of $17,500.
Specifically, system notifications now require the prefix “com.apple.private.restrict-post.” and sending processes must possess restricted entitlements in the form of “com.apple.private.darwin-notification.restrict-post.”
This isn’t the first Darwin-related vulnerability in Apple’s systems. Previously, Kaspersky Lab identified a “Darwin Nuke” vulnerability that could allow remote attackers to initiate denial of service attacks through specially crafted network packets.
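The gate described above, modeled as an added example (not Apple's code and not from the researcher's write-up): it sets the pre-18.3 behaviour, where no sender is checked, beside a prefix-plus-entitlement check. The function names, the sample notification suffix and the rule that the entitlement ends with the same suffix as the notification name are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Both prefixes are quoted in the article. */
#define RESTRICTED_PREFIX  "com.apple.private.restrict-post."
#define ENTITLEMENT_PREFIX "com.apple.private.darwin-notification.restrict-post."

/* Constructed sample data; the notification suffix is a placeholder. */
#define SENSITIVE_NAME RESTRICTED_PREFIX "example.restore-started"
static const char *const DAEMON_ENTS[] = { ENTITLEMENT_PREFIX "example.restore-started" };
static const char *const WIDGET_ENTS[] = { "example.unrelated-entitlement" };

/* Before iOS 18.3, as the article describes it: the sender is never checked. */
static bool may_post_legacy(const char *name, const char *const *ents, size_t n)
{
    (void)name; (void)ents; (void)n;
    return true;
}

/* Model of the 18.3 gate. ASSUMPTION: the required entitlement is
 * ENTITLEMENT_PREFIX followed by the name's part after RESTRICTED_PREFIX. */
static bool may_post_restricted(const char *name, const char *const *ents, size_t n)
{
    size_t plen = strlen(RESTRICTED_PREFIX), elen = strlen(ENTITLEMENT_PREFIX);
    if (strncmp(name, RESTRICTED_PREFIX, plen) != 0)
        return true;               /* ordinary notification: still open to all */
    const char *suffix = name + plen;
    if (*suffix == '\0')
        return false;              /* bare prefix names no notification: deny */
    for (size_t i = 0; i < n; i++)
        if (strncmp(ents[i], ENTITLEMENT_PREFIX, elen) == 0 &&
            strcmp(ents[i] + elen, suffix) == 0)
            return true;           /* sender holds the matching entitlement */
    return false;                  /* sandboxed app or widget: post refused */
}

int main(void)
{
    printf("legacy, widget:     %d\n", may_post_legacy(SENSITIVE_NAME, WIDGET_ENTS, 1));
    printf("restricted, widget: %d\n", may_post_restricted(SENSITIVE_NAME, WIDGET_ENTS, 1));
    printf("restricted, daemon: %d\n", may_post_restricted(SENSITIVE_NAME, DAEMON_ENTS, 1));
    return 0;
}
```

The fix depends on the sensitive notifications being renamed under the restricted prefix: a name outside that prefix is still accepted from any sender in this model.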
All iPhone users are strongly advised to update to iOS 18.3 or later immediately. Devices running earlier versions remain vulnerable to this attack, which could be deployed through seemingly innocent applications or widgets available through the App Store or other distribution methods.
The case highlights the ongoing security challenges in mobile operating systems, where even simple and overlooked legacy APIs can pose significant risks when improperly secured.
The post New iOS Critical Vulnerability That Could Brick iPhones With a Single Line of Code appeared first on Cyber Security News.