{"vulnerability": "CVE-2025-2409", "sightings": [{"uuid": "40679ef9-0d51-43c0-a495-2df39cd9b07d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24099", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113918286393203602", "content": "", "creation_timestamp": "2025-01-30T16:38:22.909394Z"}, {"uuid": "08e64bd6-81de-43da-af56-ea9c6a5d32fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24099", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxydxlo652p", "content": "", "creation_timestamp": "2025-01-30T17:15:50.230246Z"}, {"uuid": "a9381a6f-18ba-4b85-b6fa-9eafdd31de52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24093", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqxrtdf7h2r", "content": "", "creation_timestamp": "2025-01-27T22:17:03.668268Z"}, {"uuid": "d053fd4b-0e81-4993-ad5f-57e47b435b1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24099", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgya4xnssz2u", "content": "", "creation_timestamp": "2025-01-30T19:35:06.292569Z"}, {"uuid": "b6362a0b-8951-4bd8-9113-6e13b63de462", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24092", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqxrqurgs2c", "content": "", "creation_timestamp": "2025-01-27T22:17:01.044365Z"}, {"uuid": "49482ce5-bea7-4963-bc09-c481610f7e2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24094", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqxrvt4xd27", "content": "", "creation_timestamp": "2025-01-27T22:17:06.224668Z"}, {"uuid": "898359cc-d207-4a60-a5c6-b13f5952018f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24096", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqxrye6ki2i", "content": "", "creation_timestamp": "2025-01-27T22:17:08.847116Z"}, {"uuid": "a5f78d58-7a99-4971-b9ed-59b460a1647a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24091", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3lnub4ta76n2y", "content": "", "creation_timestamp": "2025-04-28T07:38:37.093943Z"}, {"uuid": "97ee511e-2e83-48c6-a5af-7d6878c0ddce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2409", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lprupx2z4z22", "content": "", "creation_timestamp": "2025-05-22T19:41:43.628961Z"}, {"uuid": "959a037e-43e9-4b62-8f11-310a20f23c6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24091", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/61522", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aiOS app that does stuff with CVE-2025-24091\nURL\uff1ahttps://github.com/rooootdev/evilnotify\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-12-03T17:51:58.000000Z"}, {"uuid": "b720adc0-3ea6-49ee-aeda-c67e148d4c84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24091", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114415722699842435", "content": "", "creation_timestamp": "2025-04-28T13:02:58.672934Z"}, {"uuid": "f29a58f1-9765-4232-b09f-a0b3dc8b70ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24091", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114415836795383285", "content": "", "creation_timestamp": "2025-04-28T13:31:59.900355Z"}, {"uuid": "43953820-da58-444c-a2bc-daaa95a342be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24091", "type": "published-proof-of-concept", "source": "Telegram/wG0cDJgGVfJGwd2Zjdu2U-n25YycOJf4cno9rhYGWoiytkA", "content": "", "creation_timestamp": "2025-12-03T15:00:08.000000Z"}, {"uuid": "5ecb38f7-0d15-4801-87e0-3908bdb90232", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24091", "type": "published-proof-of-concept", "source": "Telegram/BTHsSew0OOPVla7Fug7qGoG3AE-1VE1U7EN66KPazST-e4k", "content": "", "creation_timestamp": "2025-12-03T21:00:04.000000Z"}, {"uuid": "8dea6eab-dcf5-4960-8e39-4a7da90439dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24093", "type": "seen", "source": "Telegram/1VY8MpNV_A79m69idlg0PlCm-VEfnIGZE83YqkcRJPUJUZg", "content": "", "creation_timestamp": "2026-04-02T22:13:16.000000Z"}, {"uuid": "d0e1b78f-5905-4095-908c-a6f21cbabef2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24091", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/61490", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aPoC for CVE-2025-24091\nURL\uff1ahttps://github.com/TS0NW0RK/CVE-2025-24091\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-12-03T11:45:33.000000Z"}, {"uuid": "7c3e89e4-322d-4e6c-9671-29489a41b14d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24095", "type": "seen", "source": "Telegram/plWZfBKuLfZsy-ETkIClFjgDzJwrXtOcx6BqjotDny4d66c", "content": "", "creation_timestamp": "2026-04-02T22:13:57.000000Z"}, {"uuid": "5f16cb98-a187-4a3d-a1f9-8233cdf48f25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24099", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3521", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24099\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-30T17:15:18.473\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/122068\n2. https://support.apple.com/en-us/122069\n3. https://support.apple.com/en-us/122070", "creation_timestamp": "2025-01-30T23:19:49.000000Z"}, {"uuid": "2d55fca9-b79a-45da-a83d-8445dfac6d1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24099", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3542", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24099\n\ud83d\udd25 CVSS Score: 5.0 (CVSS_V3)\n\ud83d\udd39 Description: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3. A local attacker may be able to elevate their privileges.\n\ud83d\udccf Published: 2025-01-30T18:32:09Z\n\ud83d\udccf Modified: 2025-01-31T00:30:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2025-24099\n2. https://support.apple.com/en-us/122068\n3. https://support.apple.com/en-us/122069\n4. https://support.apple.com/en-us/122070", "creation_timestamp": "2025-01-31T01:12:27.000000Z"}, {"uuid": "3fc0127f-1e1f-45ec-bdb4-6d2d0f8342a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24091", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14176", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24091\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service.\n\ud83d\udccf Published: 2025-04-30T17:21:08.931Z\n\ud83d\udccf Modified: 2025-04-30T20:22:27.632Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/121838\n2. https://support.apple.com/en-us/122066", "creation_timestamp": "2025-04-30T21:15:45.000000Z"}, {"uuid": "1bffd4d3-a23c-4925-bec9-4fd2417b1242", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2409", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17331", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2409\n\ud83d\udd25 CVSS Score: 8.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:N/R:U/V:C)\n\ud83d\udd39 Description: File corruption vulnerabilities in ASPECT provide attackers access to overwrite sys-tem files if session administrator credentials become compromised\nThis issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.\n\ud83d\udccf Published: 2025-05-22T17:35:36.301Z\n\ud83d\udccf Modified: 2025-05-22T17:35:36.301Z\n\ud83d\udd17 References:\n1. https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021&amp;LanguageCode=en&amp;DocumentPartId=pdf&amp;Action=Launch", "creation_timestamp": "2025-05-22T17:43:31.000000Z"}, {"uuid": "39e70baa-5c4a-4fe1-afbc-97afc872306f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24095", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10347", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24095\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app may be able to bypass Privacy preferences.\n\ud83d\udccf Published: 2025-03-31T22:22:36.818Z\n\ud83d\udccf Modified: 2025-04-03T20:16:56.303Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/122371\n2. https://support.apple.com/en-us/122378", "creation_timestamp": "2025-04-03T20:35:55.000000Z"}, {"uuid": "5b2f896b-5dac-456c-b781-6595d946a988", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24091", "type": "published-proof-of-concept", "source": "https://t.me/itsec_news/5881", "content": "\ud83c\udf4f \u041e\u0434\u043d\u0430 \u0441\u0442\u0440\u043e\u043a\u0430 \u043a\u043e\u0434\u0430 \u2014 \u0438 \u0442\u0432\u043e\u0439 iPhone \u043f\u0440\u0435\u0432\u0440\u0430\u0449\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u044b\u043a\u0432\u0443\n\n\u041c\u043e\u0436\u0435\u0442 \u043f\u0440\u043e\u0437\u0432\u0443\u0447\u0430\u0442\u044c \u043a\u0430\u043a \u043a\u043b\u0438\u043a\u0431\u0435\u0439\u0442, \u043d\u043e \u044d\u0442\u043e \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2025-24091 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c iPhone \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043e\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 \u0432 \u0432\u0438\u0434\u0436\u0435\u0442\u0435. \u0414\u0430, \u043f\u0440\u043e\u0441\u0442\u043e notify_post() \u0438 \u0434\u043e \u0441\u0432\u0438\u0434\u0430\u043d\u0438\u044f.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c Guilherme Rambo \u043d\u0430\u0448\u0451\u043b \u0434\u044b\u0440\u0443 \u0432 iOS: \u043b\u044e\u0431\u043e\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u043c\u043e\u0433 \u043f\u043e\u0441\u043b\u0430\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u043e\u0435 Darwin-\u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u0435 com.apple.MobileSync.BackupAgent.RestoreStarted. \u0411\u0435\u0437 \u043f\u0440\u0430\u0432. \u0411\u0435\u0437 \u043f\u043e\u0434\u043f\u0438\u0441\u0435\u0439. \u0411\u0435\u0437 \u0432\u043e\u043f\u0440\u043e\u0441\u043e\u0432. \u0418 iPhone \u0442\u0443\u0442 \u0436\u0435 \u0443\u043b\u0435\u0442\u0430\u043b \u0432 \u0440\u0435\u0436\u0438\u043c \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u041f\u0440\u0438\u043c\u0435\u0440 \u043a\u043e\u0434\u0430:\n\nnotify_post(\"com.apple.MobileSync.BackupAgent.RestoreStarted\")\n\n\u0417\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0448\u044c \u2014 \u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0437\u0430\u0432\u0438\u0441\u0430\u0435\u0442 \u0432 \u0446\u0438\u043a\u043b\u0435. \u0415\u0441\u043b\u0438 \u0432\u043e\u0442\u043a\u043d\u0443\u0442\u044c \u044d\u0442\u043e \u0432 \u0432\u0438\u0434\u0436\u0435\u0442 (\u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u0441\u0430\u043c), \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0448\u044c \u043f\u0435\u0440\u043c\u0430\u043d\u0435\u043d\u0442\u043d\u044b\u0439 DoS \u0431\u0435\u0437 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043e\u0442\u043c\u0435\u043d\u044b. DFU \u2014 \u0442\u0432\u043e\u0439 \u0435\u0434\u0438\u043d\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u0434\u0440\u0443\u0433.\n\n\u0427\u0442\u043e \u043c\u043e\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u0434\u0435\u043b\u0430\u0442\u044c \u0441 \u044d\u0442\u0438\u043c:\n\n\u2022 \u041f\u0440\u0438\u043d\u0443\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u201c\u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u201d\n\u2022 \u0412\u043a\u043b\u044e\u0447\u0430\u0442\u044c Lost Mode\n\u2022 \u0411\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u044d\u043a\u0440\u0430\u043d\n\u2022 \u0414\u0430\u0432\u0430\u0442\u044c \u043b\u043e\u0436\u043d\u044b\u0435 \u0441\u0438\u0433\u043d\u0430\u043b\u044b \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u043e \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\n\n\u2026\u0438 \u0432\u0441\u0451 \u044d\u0442\u043e \u0431\u0435\u0437 \u043f\u043e\u0434\u043f\u0438\u0441\u0438, \u043f\u0440\u044f\u043c\u043e \u0438\u0437 \u043e\u0431\u044b\u0447\u043d\u043e\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f.\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 \u0432 iOS 18.3+\n\n\u0422\u0435\u043f\u0435\u0440\u044c Apple \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 entitlement \u043d\u0430 \u043a\u0430\u0436\u0434\u043e\u0435 \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 Darwin-\u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u0435. \u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u043c\u0435\u043d\u044f\u043b\u0438 \u043d\u0430:\n\ncom.apple.private.restrict-post.MobileBackup.BackupAgent.RestoreStarted\n\n\u0422\u0430\u043a \u043f\u0440\u043e\u0441\u0442\u043e \u043d\u0435 \u043f\u043e\u0434\u043e\u0439\u0434\u0451\u0448\u044c.\n\nCVSS: 7.1 \u2014 \u0434\u0430, \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u0430\u044f, \u043d\u043e \u0431\u0435\u0437 \u043f\u0440\u0430\u0432, \u0431\u0435\u0437 UI, \u0438 \u043a\u0438\u0440\u043f\u0438\u0447 \u0432 \u043e\u0434\u0438\u043d \u043a\u043b\u0438\u043a. Apple \u0432\u044b\u0434\u0430\u043b\u0430 \u0431\u0430\u0433\u0445\u0430\u043d\u0442\u0435\u0440\u0443 $17,500.\n\n\u0427\u0442\u043e \u0434\u0435\u043b\u0430\u0442\u044c:\n\u2022 \u041e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e iOS/iPadOS 18.3 \u0438\u043b\u0438 \u0432\u044b\u0448\u0435\n\u2022 \u0412\u044b\u043a\u0438\u043d\u0443\u0442\u044c \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0432\u0438\u0434\u0436\u0435\u0442\u044b\n\u2022 MDM-\u0448\u043d\u0438\u043a\u0430\u043c: \u043f\u0440\u043e\u0432\u0435\u0440\u044c\u0442\u0435, \u0447\u0442\u043e \u0432\u0430\u0448\u0438 \u043f\u0440\u043e\u0444\u0438\u043b\u0438 \u043d\u0435 \u043f\u0440\u043e\u043f\u0443\u0441\u043a\u0430\u044e\u0442 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f \u201c\u0441 \u0443\u043b\u0438\u0446\u044b\u201d\n\nPOC \u0432\u0438\u0434\u0436\u0435\u0442 (\u0434\u043b\u044f \u043b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0439):\n\n@main\nstruct EvilWidgetEntryPoint {\n    static func main() {\n        notify_post(\"com.apple.MobileSync.BackupAgent.RestoreStarted\")\n        EvilWidgetBundle.main()\n    }\n}\n\n\u0414\u043e\u0431\u0440\u043e \u043f\u043e\u0436\u0430\u043b\u043e\u0432\u0430\u0442\u044c \u0432 2025 \u2014 \u0433\u0434\u0435 \u0434\u0430\u0436\u0435 iPhone \u043c\u043e\u0436\u043d\u043e \u0437\u0430\u043a\u0438\u0440\u043f\u0438\u0447\u0438\u0442\u044c \u0432\u0438\u0434\u0436\u0435\u0442\u043e\u043c.\n\n\u042f \u043f\u043e\u043a\u0430 \u043f\u043e\u0439\u0434\u0443\u2026 \u043f\u0440\u043e\u0432\u0435\u0440\u044e \u0441\u0432\u043e\u0438 \u0432\u0438\u0434\u0436\u0435\u0442\u044b.\n\nITsec NEWS", "creation_timestamp": "2025-05-14T18:34:16.000000Z"}, {"uuid": "cad49b66-53c8-437b-8e71-8b24073d7d8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24097", "type": "seen", "source": "https://t.me/true_secator/6902", "content": "Apple \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u0434\u043b\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0432\u0448\u0438\u0445\u0441\u044f \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 0-day \u0434\u043b\u044f \u0431\u043e\u043b\u0435\u0435 \u0441\u0442\u0430\u0440\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u0434\u043a\u0430\u0442\u0438\u043b\u0438 \u0438 \u0434\u043b\u044f \u043c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 iOS, iPadOS \u0438 macOS.\n\n\u041f\u0435\u0440\u0432\u044b\u0439 \u0431\u044d\u043a\u043f\u043e\u0440\u0442 \u043a\u0430\u0441\u0430\u0435\u0442\u0441\u044f CVE-2025-24200, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 Citizen Lab, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0440\u0435\u0448\u0435\u043d\u0438\u044f\u0445 \u0434\u043b\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u043e\u0439 \u043a\u0440\u0438\u043c\u0438\u043d\u0430\u043b\u0438\u0441\u0442\u0438\u043a\u0438 \u0438 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u043b\u0430 \u043a \u0434\u0435\u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u0438 \u00ab\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0433\u043e \u0440\u0435\u0436\u0438\u043c\u0430 USB\u00bb \u043d\u0430 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445.\n\nApple \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 iOS 18.3.1, iPadOS 18.3.1 \u0438 17.7.5, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0445 10 \u0444\u0435\u0432\u0440\u0430\u043b\u044f 2025 \u0433\u043e\u0434\u0430.\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u043e\u0440\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u0441\u0442\u0430\u0440\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u041e\u0421, -\u00a0CVE-2025-24201, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0445\u0430\u043a\u0435\u0440\u0430\u043c \u0432\u044b\u0445\u043e\u0434\u0438\u0442\u044c \u0437\u0430 \u0440\u0430\u043c\u043a\u0438 \u00ab\u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b\u00bb \u043d\u0430 \u0434\u0432\u0438\u0436\u043a\u0435 WebKit \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0432\u0435\u0431-\u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430.\n\nApple \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0447\u0440\u0435\u0437\u0432\u044b\u0447\u0430\u0439\u043d\u043e \u0441\u043b\u043e\u0436\u043d\u044b\u0445\u00bb \u0430\u0442\u0430\u043a\u0430\u0445, \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0435\u0435 11 \u043c\u0430\u0440\u0442\u0430 2025 \u0433\u043e\u0434\u0430 \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2 \u0438 Safari 18.3.1.\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u0443\u0436\u0435 \u0432\u043a\u043b\u044e\u0447\u0438\u043b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f CVE-2025-24200 \u0438 CVE-2025-24201 \u0432\u00a0iOS 16.7.11 \u0438 15.8.4, \u0430 \u0442\u0430\u043a\u0436\u0435 iPadOS \u0432\u0435\u0440\u0441\u0438\u0439 16.7.11 \u0438 15.8.4.\n\n\u0422\u0440\u0435\u0442\u044c\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u043d\u0430 \u0441\u0442\u0430\u0440\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445, -\u00a0CVE-2025-24085, \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 Core Media \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Apple.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0432 \u043a\u043e\u043d\u0446\u0435 \u044f\u043d\u0432\u0430\u0440\u044f 2025 \u0433\u043e\u0434\u0430, \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0432 iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3 \u0438 tvOS 18.3.\n\n\u0422\u0435\u043f\u0435\u0440\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f CVE-2025-24085 \u0441\u0442\u0430\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0432 iPadOS 17.7.6 \u0438 macOS \u0432\u0435\u0440\u0441\u0438\u0439 14.7.5 (Sonoma) \u0438 13.7.5 (Ventura).\n\n\u041f\u043e\u043c\u0438\u043c\u043e \u0431\u044d\u043a\u043f\u043e\u0440\u0442\u043e\u0432, Apple \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u0441\u0432\u043e\u0438\u0445 \u041e\u0421 \u0438 \u041f\u041e, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Safari \u0438 Xcode.\n\n\u0412 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f\u00a0iOS 18.4 \u0438 iPadOS 18.4 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 77 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 CVE-2025-30456 (\u043e\u0431\u0445\u043e\u0434 \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e root), CVE-2025-24097 (\u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u043c \u0444\u0430\u0439\u043b\u0430) \u0438 CVE-2025-31182 (\u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0435 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u0444\u0430\u0439\u043b\u0430).\n\n\u0412 macOS Sequoia 15.4 Apple \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 123 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f CVE-2025-24228 (\u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u044f\u0434\u0440\u0430), CVE-2025-24267 (\u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0434\u043e root) \u0438 CVE-2025-24178 (\u0432\u044b\u0445\u043e\u0434 \u0438\u0437 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b).\n\n\u0412 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 Safari 18.4 Apple \u0437\u0430\u043a\u0440\u044b\u043b\u0430 13 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f CVE-2025-24213 (\u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435 \u043f\u0430\u043c\u044f\u0442\u0438 WebKit), CVE-2025-30427 (\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 WebKit \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u0438) \u0438 CVE-2025-24180 (\u043f\u0443\u0442\u0430\u043d\u0438\u0446\u0430 \u0441 \u0443\u0447\u0435\u0442\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438 WebAuthn).\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0432 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044f\u0445 \u043d\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442\u0441\u044f \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a.", "creation_timestamp": "2025-04-02T14:18:11.000000Z"}, {"uuid": "80d29502-95e7-4530-a942-d805e31a3454", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24099", "type": "seen", "source": "https://t.me/cvedetector/16813", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24099 - Apple macOS Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-24099 \nPublished : Jan. 30, 2025, 5:15 p.m. | 1\u00a0hour, 58\u00a0minutes ago \nDescription : The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3. A local attacker may be able to elevate their privileges. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T20:57:53.000000Z"}, {"uuid": "3a0e0658-eb4b-4128-b4cc-039d7b3e4fd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24091", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/2516", "content": "EvilNotify: Single line of code could soft-brick iPhones by sending malicious notifications (CVE-2025-24091)\nhttps://rambo.codes/posts/2025-04-24-how-a-single-line-of-code-could-brick-your-iphone", "creation_timestamp": "2025-05-05T06:28:47.000000Z"}]}