One line of code turns an iPhone straight into a brick!!! The vulnerability's discoverer happily collects a $17,500 bounty~
Apple (US:AAPL) 菜鸟教程 · 2025-04-29 11:55

Core Insights
- A significant iOS vulnerability was discovered in which a single line of code could render devices inoperable. Apple awarded a $17,500 bounty for its identification [1][27].

Vulnerability Details
- The vulnerability is linked to the Darwin Notification API, a legacy public API used for inter-process communication within Apple's systems. It lacks sender verification and requires no special permissions, allowing any application, including malicious software, to impersonate system components and send destructive notifications [5][7].
- The attack mechanism was demonstrated through a proof-of-concept application called EvilNotify, which exploited the notification system to trigger a "restore" state on the device, ultimately leading to a forced reboot due to timeout failures [10][12].

Attack Mechanism
- A more advanced version of the attack, termed VeryEvilNotify, was developed to ensure the device would repeatedly enter a "restore" state after each reboot. This was achieved by using widget extensions that could execute malicious code even when the app was not in the foreground [13][15].
- The attack resulted in a continuous loop of "restore → crash → reboot," effectively bricking the device and requiring data erasure for recovery [18][22].

Remediation Timeline
- The vulnerability was reported to Apple on June 26, 2024, and was confirmed to be fixed by January 28, 2025, with a CVE assigned on March 11, 2025 [25][27].

Apple's Fix
- Apple implemented a fix that requires restricted permissions for sending sensitive notifications through the Darwin Notification API. This includes renaming notifications and verifying sender permissions to prevent unauthorized applications from executing sensitive operations [30][31].
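
An added example, not code from the original article or from Apple: a small C model that contrasts the legacy behaviour (any sender may post any notification name) with the kind of sender check the fix is described as introducing. The prefix, entitlement strings, notification names and bundle ids are constructed placeholders, not Apple's real identifiers.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model; every name and string below is a hypothetical placeholder. */
#define RESTRICTED_PREFIX "example.restricted."
#define ENTITLEMENT_FMT   "example.entitlement.post.%s"

struct sender {
    const char *bundle_id;
    const char *const *entitlements; /* NULL-terminated, from the code signature */
};

static const char *const widget_ents[] = { NULL };
static const char *const daemon_ents[] = { "example.entitlement.post.device.restore", NULL };
static const struct sender widget = { "com.example.widget", widget_ents };
static const struct sender sysd   = { "com.example.systemdaemon", daemon_ents };

static bool has_entitlement(const struct sender *s, const char *want) {
    for (const char *const *e = s->entitlements; e && *e; e++)
        if (strcmp(*e, want) == 0) return true;
    return false;
}

/* Legacy behaviour as the article describes it: no sender check, no permission. */
bool legacy_may_post(const struct sender *s, const char *name) {
    (void)s; (void)name;
    return true;
}

/* Post-fix behaviour: a restricted name needs a matching per-name entitlement. */
bool hardened_may_post(const struct sender *s, const char *name) {
    size_t n = strlen(RESTRICTED_PREFIX);
    char want[256];
    if (strncmp(name, RESTRICTED_PREFIX, n) != 0) return true; /* ordinary name */
    if (name[n] == '\0') return false;                         /* bare prefix */
    int len = snprintf(want, sizeof want, ENTITLEMENT_FMT, name + n);
    if (len < 0 || (size_t)len >= sizeof want) return false;   /* fail closed */
    return has_entitlement(s, want);
}

int main(void) {
    const char *name = "example.restricted.device.restore";
    printf("legacy,   widget: %d\n", legacy_may_post(&widget, name));
    printf("hardened, widget: %d\n", hardened_may_post(&widget, name));
    printf("hardened, daemon: %d\n", hardened_may_post(&sysd, name));
    return 0;
}
```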