https://cve.circl.lu/comments/feed 2025-04-01T00:58:07.532884+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent comments. https://cve.circl.lu/comment/e2a22b2f-4064-4f7f-a7c5-6b9f4b3cd280 2025-04-01T00:58:07.562053+00:00 Cédric Bonhomme http://cve.circl.lu/user/cedric ### Executive Summary This report updates the findings on CVE-2025-24085, a use-after-free vulnerability affecting Apple's IDS subsystem and iMessage's BlastDoor sandboxing. Findings (As of February 20, 2025) iOS 18.3.1 remains vulnerable despite Apple's February 19, 2025, mitigation deadline. BlastDoor is bypassed, enabling unsandboxed iMessage processing. Privilege escalation attempts detected, suggesting a possible kernel exploit. Unauthorized decryption and authentication tampering observed, raising concerns about iMessage interception and data exposure. The exploit remains active in the wild, requiring immediate action. https://github.com/orgs/community/discussions/152523 2025-02-27T08:00:55.964879+00:00