A critical vulnerability in iOS could allow malicious applications to permanently disable iPhones with a single line of code. This flaw, identified as CVE-2025-24091, exploits the Darwin notifications system within iOS to initiate an endless reboot cycle, rendering devices inoperable. The issue arises from the system’s legacy API, which allows any application to send sensitive system-level notifications without special privileges.
This could trigger powerful system functions, including an unintended “Restore in Progress” mode, ultimately causing the device to enter a continuous loop of failure.
The exploit is surprisingly simple: a single line of code can trigger the vulnerability by sending a notification to force the device into the “Restore in Progress” state. Since no actual restore occurs, the device repeatedly fails and requires a restart. A proof-of-concept attack, called “VeryEvilNotify,” demonstrated the exploit within a widget extension that crashes after sending notifications, keeping the device in an endless restart cycle. The widespread use of widgets means that any app with a widget extension could exploit this flaw, potentially affecting millions of devices.
This vulnerability affects iPhones and iPads running iOS versions prior to 18.3, with any sandboxed app or widget extension being able to trigger the attack.
The exploit has been rated with a high CVSS 3.1 score, highlighting its severity. Apple has addressed the issue in iOS 18.3 by introducing a new entitlement system for sending sensitive Darwin notifications. This mitigation requires apps to have specific entitlements to post notifications, thus limiting the ability of malicious apps to exploit the flaw.
Users are strongly advised to update their devices to iOS 18.3 or later to protect against this vulnerability. Devices running older versions remain susceptible to the attack, which could be carried out through seemingly harmless applications or widgets. This case underscores the security risks associated with legacy APIs in mobile operating systems and highlights the importance of securing even the most basic system functions to prevent exploitation.
