iOS Zero-Day: Denial-of-Service via Darwin Notifications
2025-04-27
A security researcher discovered a critical iOS vulnerability that allowed malicious apps to carry out denial-of-service attacks, including forced system reboots, by sending Darwin notifications. The Darwin notification mechanism did not verify the sender of a notification. Exploiting this, the researcher created an app, "VeryEvilNotify," that triggered a "Restore in Progress" loop and forced the device to restart. Apple patched the issue in iOS 18.3 by introducing restricted entitlements for sensitive notifications.
Development
denial-of-service