Apple security patch release for CVE-2025-24132
Security Patch Release
Summary
Apple released a March 31 fix for CVE-2025-24132 in CarPlay and the AirPlay SDK, but the patch did not quickly reach most vehicle systems. The delayed rollout left many systems exposed to a flaw that can enable root-privilege remote code execution and unsafe in-vehicle abuse. By the time of disclosure, only a small number of vendors had implemented the fix, and no car manufacturers had done so.
Related Happenings
Linux kernel security update for Copy Fail (CVE-2026-31431)
Security Patch Release
First: 30.04.2026 16:54
Last: 30.04.2026 16:54
Sources 1
About this happening:
**Linux kernel** maintainers have fixed **CVE-2026-31431** and are rolling out updates to close a **local privilege escalation** flaw that lets an unprivileged attacker gain **roo...
Apple out-of-band iOS/iPadOS security updates (CVE-2026-28950)
Security Patch Release
First: 22.04.2026 23:58
Last: 22.04.2026 23:58
Sources 1
About this happening:
**Apple** released **out-of-band security updates** for **iPhone and iPad** on **April 22, 2026** to fix **CVE-2026-28950**. The patch addresses a **Notification Services** flaw t...
Latest development: 23.04.2026 11:50
Apple issued **iOS 26.4.2**, **iPadOS 26.4.2**, **iOS 18.7.8**, and **iPadOS 18.7.8** on **2026-04-23** to close **CVE-2026-28950**, which could preserve deleted-message notifications on affected devices.
Coruna iOS exploit analysis ties updated Triangulation kernel exploit lineage
Technical Analysis
First: 26.03.2026 15:10
Last: 26.03.2026 15:10
Sources 1
About this happening:
**Coruna** has been linked to an **updated** exploit lineage from **Operation Triangulation**, showing that a long-running iPhone attack framework continues to evolve and can stil...
Apple Background Security Improvements WebKit patch (CVE-2026-20643)
Security Patch Release
First: 18.03.2026 03:06
Last: 18.03.2026 03:06
Sources 1
About this happening:
Apple's **first Background Security Improvements** release patches **CVE-2026-20643** in **WebKit**, letting **iPhones, iPads, and Macs** get a security fix **without a full OS up...
Apple security patch release for CVE-2023-43010
Security Patch Release
First: 12.03.2026 11:58
Last: 12.03.2026 11:58
Sources 1
About this happening:
**Apple** backported **Coruna-linked WebKit fixes** to **older iOS and iPadOS devices**, reducing exposure on legacy hardware that cannot move to the latest release. The update ex...
Timeline
-
11.09.2025 22:30 2 articles · 8mo ago
Apple releases a fix for CVE-2025-24132 in CarPlay and the AirPlay SDK
Mitigation Patch Update
Apple released fixes for CVE-2025-24132 affecting Apple CarPlay and the AirPlay software development kit (SDK), addressing a buffer overflow that could allow root-privilege remote code execution under USB, Internet, or Bluetooth access paths.
Sources:
- Apple CarPlay RCE Exploit Left Unaddressed in Most Cars — www.darkreading.com — 11.09.2025 22:30
- Apple CarPlay RCE Exploit Left Unaddressed in Most Cars — www.darkreading.com — 11.09.2025 22:30
-
11.09.2025 22:30 1 article · 8mo ago
Oligo Security discloses the Apple CarPlay buffer overflow
Initial Disclosure
Researchers from Oligo Security disclosed CVE-2025-24132, a zero-click Apple CarPlay buffer overflow with a medium 6.5 CVSS score that could allow attackers free rein over CarPlay and root-privilege remote code execution.
Sources:
- Apple CarPlay RCE Exploit Left Unaddressed in Most Cars — www.darkreading.com — 11.09.2025 22:30
-
11.09.2025 22:30 1 article · 8mo ago
Patch adoption remains limited across vendors and car manufacturers
Mitigation Patch Update
As of 2025-09-11, only a small number of vendors had implemented the Apple fix for CVE-2025-24132 and no car manufacturers had done so, leaving many Apple CarPlay systems exposed because vehicles often require manual installs or dealership visits and must be adapted and validated across supplier and middleware chains.
Sources:
- Apple CarPlay RCE Exploit Left Unaddressed in Most Cars — www.darkreading.com — 11.09.2025 22:30