Executive Summary

This report updates the findings on CVE-2025-24085, a use-after-free vulnerability affecting Apple's IDS subsystem and iMessage's BlastDoor sandboxing. Findings (As of February 20, 2025)

iOS 18.3.1 remains vulnerable despite Apple's February 19, 2025, mitigation deadline.
BlastDoor is bypassed, enabling unsandboxed iMessage processing.
Privilege escalation attempts detected, suggesting a possible kernel exploit.
Unauthorized decryption and authentication tampering observed, raising concerns about iMessage interception and data exposure.

The exploit remains active in the wild, requiring immediate action.

https://github.com/orgs/community/discussions/152523