{"uuid": "e2a22b2f-4064-4f7f-a7c5-6b9f4b3cd280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "title": "Formal Vulnerability Disclosure for iPhone 15 Pro Max (iOS 18.3.1)", "description": "### Executive Summary\n\nThis report updates the findings on CVE-2025-24085, a use-after-free vulnerability affecting Apple's IDS subsystem and iMessage's BlastDoor sandboxing.\nFindings (As of February 20, 2025)\n\n    iOS 18.3.1 remains vulnerable despite Apple's February 19, 2025, mitigation deadline.\n    BlastDoor is bypassed, enabling unsandboxed iMessage processing.\n    Privilege escalation attempts detected, suggesting a possible kernel exploit.\n    Unauthorized decryption and authentication tampering observed, raising concerns about iMessage interception and data exposure.\n\nThe exploit remains active in the wild, requiring immediate action.\n\nhttps://github.com/orgs/community/discussions/152523", "description_format": "markdown", "vulnerability": "CVE-2025-24085", "creation_timestamp": "2025-02-27T08:00:55.964879+00:00", "timestamp": "2025-02-27T08:00:55.964879+00:00", "related_vulnerabilities": ["CVE-2025-24085"], "meta": [{"ref": ["https://github.com/orgs/community/discussions/152523"]}], "author": {"login": "cedric", "name": "C\u00e9dric Bonhomme", "uuid": "af0120d0-3dac-4a6a-974b-a9f33d2a9846"}}