Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

New iOS Critical Vulnerability That Could Brick iPhones With a Single Line of Code

The vulnerability, assigned CVE-2025-24091, leverages the operating system’s Darwin notifications system to trigger an endless reboot cycle, effectively “bricking” devices and requiring a complete system restore. They provide a low-level mechanism for simple message exchange between processes on Apple’s operating systems,” explained Guilherme Rambo, the security researcher who discovered the vulnerability. By placing the exploit in a widget that repeatedly crashes after sending the notification, the researcher created a persistent attack that would trigger after each restart, creating an endless loop that rendered the device unusable. The most dangerous aspect was that these notifications could trigger powerful system functions, including entering a “restore in progress” mode. Unlike more commonly known notification systems such as NSNotificationCenter or NSDistributedNotificationCenter, Darwin notifications are part of a legacy API that operates at a fundamental level across Apple’s operating systems. Previously, Kaspersky Lab identified a “Darwin Nuke” vulnerability that could allow remote attackers to initiate denial of service attacks through specifically crafted network packets. The researcher created a proof-of-concept attack called “VeryEvilNotify” that implemented this exploit within a widget extension. Apple addressed the vulnerability in iOS 18.3 by implementing a new entitlement system for sensitive Darwin notifications. The case highlights the ongoing security challenges in mobile operating systems, where even simple and overlooked legacy APIs can pose significant risks when improperly secured. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. “Because of how widespread the use of widgets is on the system, when a new app that includes a widget extension is installed and launched, the system is very eager to execute its widget extension”.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 28 Apr 2025 06:25:06 +0000

Cyber News related to New iOS Critical Vulnerability That Could Brick iPhones With a Single Line of Code

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2025-38263 - In the Linux kernel, the following vulnerability has been resolved: ...
1 month ago

How to Avoid Falling Below the Cybersecurity Poverty Line - The security poverty line broadly defines a divide between the organizations that have the means and resources to achieve and maintain mature security postures to protect data, and those that do not. It was first coined by cybersecurity expert Wendy ...
2 years ago Csoonline.com

Exploit released for critical Cisco IOS XE flaw, many hosts still hacked - Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as a zero-day to hack tens of thousands of devices. Cisco released patches for most releases of its IOS XE software but ...
1 year ago Bleepingcomputer.com CVE-2023-20198

New iOS Critical Vulnerability That Could Brick iPhones With a Single Line of Code - The vulnerability, assigned CVE-2025-24091, leverages the operating system’s Darwin notifications system to trigger an endless reboot cycle, effectively “bricking” devices and requiring a complete system restore. They provide a ...
4 months ago Cybersecuritynews.com CVE-2025-24091

Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
1 year ago Bleepingcomputer.com CVE-2023-42916 CVE-2023-42917

Apple iOS 18.4 Beta 3 Released With New Features & Enhancements - Here’s a detailed look at what’s new in iOS 18.4 Beta 3, what has carried over from previous betas, and what iPhone users can expect as Apple fine-tunes this update. Apple typically uses later betas like this one to polish performance and address ...
5 months ago Cybersecuritynews.com

Apple emergency updates fix recent zero-days on older iPhones - Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models. The two vulnerabilities, now tracked as CVE-2023-42916 and CVE-2023-42917, were ...
1 year ago Bleepingcomputer.com CVE-2023-42916 CVE-2023-42917

Final Patch Tuesday of 2023 goes out with a bang The Register - It's the last Patch Tuesday of 2023, which calls for celebration - just as soon as you update Windows, Adobe, Google, Cisco, FortiGuard, SAP, VMware, Atlassian and Apple products, of course. Let's start with Apple, since two of the bugs Cupertino ...
1 year ago Go.theregister.com CVE-2023-42916 CVE-2023-42917 CVE-2023-36019 CVE-2023-20588 CVE-2023-34064 CVE-2023-41678

Final Patch Tuesday of 2023 goes out with a bang The Register - It's the last Patch Tuesday of 2023, which calls for celebration - just as soon as you update Windows, Adobe, Google, Cisco, FortiGuard, SAP, VMware, Atlassian and Apple products, of course. Let's start with Apple, since two of the bugs Cupertino ...
1 year ago Packetstormsecurity.com CVE-2023-42916 CVE-2023-42917 CVE-2023-36019 CVE-2023-20588 CVE-2023-34064 CVE-2023-41678

Beware, iPhone Users: iOS GoldDigger Trojan can Steal Face ID and Banking Details - Numerous people pick iPhones over Android phones because they believe iPhones are more secure. This may no longer be the case due to the emergence of a new banking trojan designed explicitly to target iPhone users. According to a detailed report by ...
1 year ago Cysecurity.news

Over 10,000 Cisco devices hacked in IOS XE zero-day attacks - Attackers have exploited a recently disclosed critical zero-day bug to compromise and infect more than 10,000 Cisco IOS XE devices with malicious implants. The list of products running Cisco IOS XE software includes enterprise switches, aggregation ...
1 year ago Bleepingcomputer.com CVE-2023-20198

Brave: Sharp increase in installs after iOS DMA update in EU - Brave has seen a sharp increase in users installing its privacy-focused Brave Browser on iPhones after Apple introduced changes to adhere to the new European Digital Markets Act. To comply with the Digital Markets Act, Apple introduced a new feature ...
1 year ago Bleepingcomputer.com

This tiny device is sending updated iPhones into a never-ending DoS loop - One morning two weeks ago, security researcher Jeroen van der Ham was traveling by train in the Netherlands when his iPhone suddenly displayed a series of pop-up windows that made it nearly impossible to use his device. "My phone was getting these ...
1 year ago Arstechnica.com

CVE-2015-8311 - On 2015-09-14, Marcello Duarte disclosed a vulnerability in FreeSWITCH on the Bugtraq mail list. This was assigned CVE-2015-7392 which reads: Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before ...
55 years ago Tenable.com

Cisco discloses new IOS XE zero-day exploited to deploy malware implant - Cisco disclosed a new high-severity zero-day today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week. The company said it found a fix for both vulnerabilities ...
1 year ago Bleepingcomputer.com CVE-2023-20198 CVE-2023-20273 CVE-2021-1435

Apple Patches Are Out, Old iPhones Get an Old Zero-Day Fix At Last - Apple has pushed out a patch for iPhones that fixes a zero-day vulnerability in iOS, released way back in 2017. This patch is significant for old iPhone models because the bug has gone unaddressed for so long, making it difficult - if not impossible ...
2 years ago Nakedsecurity.sophos.com

How to Share a Wi-Fi Password: A Step-by-Step Guide - You can unsubscribe at any ...
11 months ago Techrepublic.com

Fortifying iPhone Security: Stolen Device Protection & Essential Tips Amid Rising Theft Concerns - Numerous iPhones, often regarded as some of the best in the market, are pilfered daily on a global scale. Apple aims to address this issue with the upcoming release of iOS 17.3, introducing a feature called Stolen Device Protection. This security ...
1 year ago Cysecurity.news

Hackers exploit critical RCE flaw in Bricks WordPress site builder - Hackers are actively exploiting a critical remote code execution flaw impacting the Brick Builder Theme to run malicious PHP code on vulnerable sites. The Bricks Builder Theme is a premium WordPress theme described as an innovative, community-driven ...
1 year ago Bleepingcomputer.com CVE-2024-25600

Cisco patches IOS XE zero-days used to hack over 50,000 devices - Cisco has addressed the two vulnerabilities that hackers exploited to compromise tens of thousands of IOS XE devices over the past week. The free software release comes after a threat actor leveraged the security issues as zero-days to compromise and ...
1 year ago Bleepingcomputer.com CVE-2023-20198

Dozens of Bugs Patched in Apple TVs and Watches, Macs, iPads, iPhones - On Dec. 11, Apple released patches for dozens of vulnerabilities affecting iPhones, Macs, Apple TVs, Apple Watches, and its Safari browser. The long list includes 39 vulnerabilities fixed for macOS Sonoma version 14.2. Among them are CVE-2023-42914, ...
1 year ago Darkreading.com CVE-2023-42914 CVE-2023-42894 CVE-2023-42890 CVE-2023-42883 CVE-2023-42922 CVE-2023-42923 CVE-2023-42897

East Texas hospital network can't receive ambulances because of potential cybersecurity incident - GetTime();if(!(u<=a&&d<=l throw new RangeError("Invalid interval");return r.inclusive?u<=l&&d<=a:ut||isNaN(t. Step):1;if(s<1||isNaN(s throw new RangeError("`options. Step):1;if(l<1||isNaN(l throw new RangeError("`options. GetTime()<=n throw new ...
1 year ago Cnn.com

Apple Move iPad Engineering To Vietnam - Fresh reports of Apple shifting manufacturing from China, with iPad product development resources relocated to Vietnam. Apple continues to strengthen its manufacturing and development capabilities outside of mainland China, according to recent media ...
1 year ago Silicon.co.uk

New ATM Malware family emerged in the threat landscape - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Raspberry Robin spotted using two ...
1 year ago Securityaffairs.com CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-4966

New York's cyber chief on keeping cities and states safe from cyberattacks | The Record from Recorded Future News - And so we think that that'll continue to evolve the security posture of New York State in a way that first and foremost provides the public good, which is, if a government service is not secure, it can't be considered reliable. We're ...
5 months ago Therecord.media