
Attackers could have used a newly discovered iOS vulnerability to remotely brick iPhones.

A newly discovered vulnerability in Apple's iOS allowed attackers to potentially disable iPhones remotely using just a single line of code. The flaw, which resided deep within Apple's internal messaging system, was identified and subsequently patched by the company. Security researcher Guilherme Rambo played a crucial role in uncovering and helping Apple resolve this significant issue related to Darwin notifications, a fundamental communication mechanism within Apple's operating systems.

The vulnerability stemmed from the unrestricted nature of Darwin notifications, which allowed any process on iOS, even sandboxed apps, to send and receive them without proper verification. While these notifications were intended for basic updates and status changes, Rambo discovered that they could be manipulated to interfere with system operations. He created a proof-of-concept app, "EvilNotify," demonstrating how these notifications could disrupt device functionality, such as altering status bar icons, blocking system gestures, and even forcing the device to use cellular data instead of Wi-Fi.



The most severe impact of the vulnerability was the ability to trigger a "restore in progress" mode, effectively soft-bricking the device and requiring a reboot. Rambo further developed a "VeryEvilNotify" widget extension that could completely disable an iOS device, necessitating a full erase and restore from backup. The researcher also noted the potential for the malicious code to persist through backups, causing repeated device failures.

Rambo disclosed the vulnerability to Apple in June 2024, and the company addressed the issue in subsequent security updates. Apple's fix involved implementing restricted entitlements for sensitive notifications, preventing unauthorized processes from exploiting the flaw. Rambo confirmed that the implemented fix in iOS 18.3 successfully resolved all the issues demonstrated in his proof-of-concept and was awarded a $17,500 bug bounty for his discovery.
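To make the shape of that fix concrete, here is a toy model of a notification center before and after an entitlement check on sensitive names. It is an example added to this article, not Apple's code or Rambo's proof-of-concept, and every notification name, prefix and entitlement string in it is a hypothetical placeholder.

```python
# Added example: toy model of a Darwin-style notification center, not Apple's code.
# Every notification name, prefix and entitlement string here is a hypothetical placeholder.
from dataclasses import dataclass, field

RESTRICTED_PREFIX = "example.restricted."          # hypothetical sensitive namespace
ENTITLEMENT_PREFIX = "example.entitlement.post."   # hypothetical entitlement family


@dataclass(frozen=True)
class Process:
    name: str
    entitlements: frozenset = frozenset()


@dataclass
class NotificationCenter:
    enforce: bool                                   # False = pre-fix, True = post-fix
    observers: dict = field(default_factory=dict)
    denied: list = field(default_factory=list)      # audit trail of refused posts

    def register(self, name, callback):
        self.observers.setdefault(name, []).append(callback)

    def may_post(self, sender, name):
        # Unrestricted names stay open to everyone; sensitive ones need the
        # entitlement matching that exact notification.
        if not self.enforce or not name.startswith(RESTRICTED_PREFIX):
            return True
        return ENTITLEMENT_PREFIX + name[len(RESTRICTED_PREFIX):] in sender.entitlements

    def post(self, sender, name):
        if not self.may_post(sender, name):
            self.denied.append((sender.name, name))
            return False
        for callback in self.observers.get(name, []):
            callback()
        return True


def simulate(enforce):
    """Post one sensitive and one benign notification from a sandboxed app."""
    restore = RESTRICTED_PREFIX + "restore-in-progress"
    center = NotificationCenter(enforce)
    ui = {"restore_screen": False}
    center.register(restore, lambda: ui.update(restore_screen=True))
    app = Process("sandboxed-app")
    daemon = Process("restore-daemon", frozenset({ENTITLEMENT_PREFIX + "restore-in-progress"}))
    app_ok = center.post(app, restore)
    hijacked = ui["restore_screen"]                 # did the app flip system UI state?
    benign_ok = center.post(app, "example.public.theme-changed")
    daemon_ok = center.post(daemon, restore)
    return {"app_ok": app_ok, "hijacked": hijacked, "benign_ok": benign_ok,
            "daemon_ok": daemon_ok, "denied": list(center.denied)}
```

With `enforce=False` the sandboxed app's post reaches the system observer; with `enforce=True` it is refused and recorded, while the benign notification and the entitled daemon's post still go through.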

 
 
 
