Formal Vulnerability Disclosure for iPhone 15 Pro Max (iOS 18.3.1)

Created on 2025-02-27 08:00 and updated on 2025-02-27 08:00.

Description

Executive Summary

This report updates the findings on CVE-2025-24085, a use-after-free vulnerability affecting Apple's IDS subsystem and iMessage's BlastDoor sandboxing. Findings (As of February 20, 2025)

iOS 18.3.1 remains vulnerable despite Apple's February 19, 2025, mitigation deadline.
BlastDoor is bypassed, enabling unsandboxed iMessage processing.
Privilege escalation attempts detected, suggesting a possible kernel exploit.
Unauthorized decryption and authentication tampering observed, raising concerns about iMessage interception and data exposure.

The exploit remains active in the wild, requiring immediate action.

https://github.com/orgs/community/discussions/152523

Associated vulnerability

CVE-2025-24085

Related vulnerabilities


Meta

[
   {
      ref: [
         "https://github.com/orgs/community/discussions/152523",
      ],
   },
]

Author

Cédric Bonhomme