New iOS Critical Flaw Could Brick iPhones Instantly With One Line of Code (CVE-2025-24091)
A critical vulnerability in Apple's iOS operating system, CVE-2025-24091, allowed attackers to "soft-brick" iPhones using a single line of code. The flaw was in the legacy Darwin notification system, which let unprivileged apps send malicious notifications that disrupted system processes. A proof-of-concept attack called "EvilNotify" demonstrated various malicious actions, including trapping devices in a denial-of-service loop and triggering misleading security prompts. Apple addressed the issue in iOS 18.3 by introducing a new entitlement system that restricts sensitive notifications to trusted processes. Users are strongly advised to update their devices to mitigate this vulnerability. The incident highlights the risks posed by legacy features in tightly controlled environments and the importance of timely software updates for maintaining device security.