{"vulnerability": "CVE-2025-24091", "sightings": [{"uuid": "43953820-da58-444c-a2bc-daaa95a342be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24091", "type": "published-proof-of-concept", "source": "Telegram/wG0cDJgGVfJGwd2Zjdu2U-n25YycOJf4cno9rhYGWoiytkA", "content": "", "creation_timestamp": "2025-12-03T15:00:08.000000Z"}, {"uuid": "5ecb38f7-0d15-4801-87e0-3908bdb90232", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24091", "type": "published-proof-of-concept", "source": "Telegram/BTHsSew0OOPVla7Fug7qGoG3AE-1VE1U7EN66KPazST-e4k", "content": "", "creation_timestamp": "2025-12-03T21:00:04.000000Z"}, {"uuid": "959a037e-43e9-4b62-8f11-310a20f23c6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24091", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/61522", "content": "GitHub monitoring alert!!! \n\nUpdated: CVE-2025\nDescription: iOS app that does stuff with CVE-2025-24091\nURL: https://github.com/rooootdev/evilnotify\n\nTags: #CVE-2025", "creation_timestamp": "2025-12-03T17:51:58.000000Z"}, {"uuid": "d0e1b78f-5905-4095-908c-a6f21cbabef2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24091", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/61490", "content": "GitHub monitoring alert!!! \n\nUpdated: CVE-2025\nDescription: PoC for CVE-2025-24091\nURL: https://github.com/TS0NW0RK/CVE-2025-24091\n\nTags: #CVE-2025", "creation_timestamp": "2025-12-03T11:45:33.000000Z"}, 
{"uuid": "3fc0127f-1e1f-45ec-bdb4-6d2d0f8342a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24091", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14176", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24091\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service.\n\ud83d\udccf Published: 2025-04-30T17:21:08.931Z\n\ud83d\udccf Modified: 2025-04-30T20:22:27.632Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/121838\n2. https://support.apple.com/en-us/122066", "creation_timestamp": "2025-04-30T21:15:45.000000Z"}, 
{"uuid": "5b2f896b-5dac-456c-b781-6595d946a988", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24091", "type": "published-proof-of-concept", "source": "https://t.me/itsec_news/5881", "content": "\ud83c\udf4f One line of code, and your iPhone turns into a pumpkin\n\nIt may sound like clickbait, but it is real: the CVE-2025-24091 vulnerability made it possible to lock up an iPhone with a single line in a widget. Yes, just notify_post() and goodbye.\n\nResearcher Guilherme Rambo found a hole in iOS: any process could send the system Darwin notification com.apple.MobileSync.BackupAgent.RestoreStarted. No privileges. No signatures. No questions asked. And the iPhone immediately dropped into restore mode.\n\nCode example:\n\nnotify_post(\"com.apple.MobileSync.BackupAgent.RestoreStarted\")\n\nRun it, and the device gets stuck in a loop. If you stick this into a widget (which restarts on its own), you get a permanent DoS with no way to cancel. DFU is your only friend.\n\nWhat could be done with this:\n\n\u2022 Forcibly start a \u201crestore\u201d\n\u2022 Turn on Lost Mode\n\u2022 Lock the screen\n\u2022 Send the system false signals about user actions\n\n\u2026and all of this without a signature, straight from an ordinary app.\n\nFixed in iOS 18.3+\n\nApple now requires a special entitlement for each sensitive Darwin notification. The name was changed to:\n\ncom.apple.private.restrict-post.MobileBackup.BackupAgent.RestoreStarted\n\nYou cannot get at it that easily anymore.\n\nCVSS: 7.1. Yes, it is local, but no privileges, no UI, and a brick in one click. Apple paid the bug hunter $17,500.\n\nWhat to do:\n\u2022 Update to iOS/iPadOS 18.3 or later\n\u2022 Throw out suspicious widgets\n\u2022 MDM admins: check that your profiles do not let through notifications \u201coff the street\u201d\n\nPOC widget (for labs):\n\n@main\nstruct EvilWidgetEntryPoint {\n    static func main() {\n        notify_post(\"com.apple.MobileSync.BackupAgent.RestoreStarted\")\n        EvilWidgetBundle.main()\n    }\n}\n\nWelcome to 2025, where even an iPhone can be bricked with a widget.\n\nI am off for now\u2026 to check my widgets.\n\nITsec NEWS", "creation_timestamp": "2025-05-14T18:34:16.000000Z"}, 
{"uuid": "3a0e0658-eb4b-4128-b4cc-039d7b3e4fd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24091", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/2516", "content": "EvilNotify: Single line of code could soft-brick iPhones by sending malicious notifications (CVE-2025-24091)\nhttps://rambo.codes/posts/2025-04-24-how-a-single-line-of-code-could-brick-your-iphone", "creation_timestamp": "2025-05-05T06:28:47.000000Z"}, {"uuid": "a5f78d58-7a99-4971-b9ed-59b460a1647a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24091", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3lnub4ta76n2y", "content": "", "creation_timestamp": "2025-04-28T07:38:37.093943Z"}, {"uuid": "b720adc0-3ea6-49ee-aeda-c67e148d4c84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24091", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114415722699842435", "content": "", "creation_timestamp": "2025-04-28T13:02:58.672934Z"}, {"uuid": 
"f29a58f1-9765-4232-b09f-a0b3dc8b70ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24091", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114415836795383285", "content": "", "creation_timestamp": "2025-04-28T13:31:59.900355Z"}]}