CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines, daily updates. Fast, privacy‑respecting. No ads, no tracking.

Unpatched Apple CarPlay RCE Exploit in Most Vehicles

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

A zero-click remote code execution (RCE) vulnerability in Apple CarPlay (CVE-2025-24132) remains unpatched in most vehicles nearly half a year after the patch was released. The vulnerability allows attackers to gain control over CarPlay with minimal user interaction. The issue affects vehicles that use CarPlay and have not applied the patch released in April 2025. The vulnerability can be exploited via USB, Wi-Fi, or Bluetooth connections. Attackers can gain access to CarPlay by exploiting weak or default passwords and using Bluetooth pairing methods that lack proper security measures. The exploit leverages the iAP2 protocol, which authenticates only in one direction, allowing attackers to masquerade as legitimate devices. The impact of the vulnerability includes potential spying on drivers, eavesdropping on conversations, and distracting drivers while on the road. The automotive industry's slow update cycles and lack of standardization contribute to the delay in patching this vulnerability.

Timeline

  1. 11.09.2025 22:30 1 articles · 18d ago

    Unpatched Apple CarPlay RCE Exploit in Most Vehicles

    A zero-click remote code execution (RCE) vulnerability in Apple CarPlay (CVE-2025-24132) remains unpatched in most vehicles nearly half a year after the patch was released. The vulnerability allows attackers to gain control over CarPlay with minimal user interaction. The issue affects vehicles that use CarPlay and have not applied the patch released in April 2025. The vulnerability can be exploited via USB, Wi-Fi, or Bluetooth connections. Attackers can gain access to CarPlay by exploiting weak or default passwords and using Bluetooth pairing methods that lack proper security measures. The exploit leverages the iAP2 protocol, which authenticates only in one direction, allowing attackers to masquerade as legitimate devices. The impact of the vulnerability includes potential spying on drivers, eavesdropping on conversations, and distracting drivers while on the road. The automotive industry's slow update cycles and lack of standardization contribute to the delay in patching this vulnerability.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Cisco IOS and IOS XE SNMP Zero-Day Exploited in Attacks

Cisco has released security updates to address a high-severity zero-day vulnerability (CVE-2025-20352) in Cisco IOS and IOS XE Software. The flaw is a stack-based buffer overflow in the Simple Network Management Protocol (SNMP) subsystem, actively exploited in attacks. This vulnerability allows authenticated, remote attackers to cause denial-of-service (DoS) conditions or gain root control of affected systems. The vulnerability impacts all devices with SNMP enabled, including specific Cisco devices running Meraki CS 17 and earlier. Cisco advises customers to upgrade to a fixed software release, specifically Cisco IOS XE Software Release 17.15.4a, to remediate the vulnerability. Temporary mitigation involves limiting SNMP access to trusted users and disabling the affected Object Identifiers (OIDs) on devices. Additionally, Cisco patched 13 other security vulnerabilities, including two with available proof-of-concept exploit code. Cisco also released patches for 14 vulnerabilities in IOS and IOS XE, including eight high-severity vulnerabilities. Proof-of-concept exploit code exists for two of the vulnerabilities, but exploitation is not confirmed. Three additional medium-severity bugs affect Cisco’s SD-WAN vEdge, Access Point, and Wireless Access Point (AP) software.

Open in new tab

ShadowLeak: Undetectable Email Theft via AI Agents

A new attack vector, dubbed ShadowLeak, allows hackers to invisibly steal emails from users who integrate AI agents like ChatGPT with their email inboxes. The attack exploits the lack of visibility into AI processing on cloud infrastructure, making it undetectable to the user. The vulnerability was discovered by Radware and reported to OpenAI, which addressed it in August 2025. The attack involves embedding malicious code in emails, which the AI agent processes and acts upon without user awareness. The attack leverages an indirect prompt injection hidden in email HTML, using techniques like tiny fonts, white-on-white text, and layout tricks to remain undetected by the user. The attack can be extended to any connector that ChatGPT supports, including Box, Dropbox, GitHub, Google Drive, HubSpot, Microsoft Outlook, Notion, or SharePoint. The ShadowLeak attack targets users who connect AI agents to their email inboxes, such as those using ChatGPT with Gmail. The attack is non-detectable and leaves no trace on the user's network. The exploit involves embedding malicious code in emails, which the AI agent processes and acts upon, exfiltrating sensitive data to an attacker-controlled server. OpenAI acknowledged and fixed the issue in August 2025, but the exact details of the fix remain unclear. The exfiltration in ShadowLeak occurs directly within OpenAI's cloud environment, bypassing traditional security controls.

Open in new tab

Image I/O Framework Zero-Day Exploited in Targeted Attacks

The zero-day vulnerability CVE-2025-43300 in Apple's Image I/O framework was exploited in targeted attacks against specific individuals. The flaw, an out-of-bounds write issue, was used in combination with a WhatsApp zero-day flaw (CVE-2025-55177) in sophisticated attacks potentially involving nation-state actors or spyware activity. The vulnerability affects multiple iOS, iPadOS, and macOS versions, as well as various iPhone, iPad, and Mac models. Apple has backported fixes for CVE-2025-43300 to older versions, including iOS 16.7.12, iPadOS 16.7.12, iOS 15.8.5, and iPadOS 15.8.5. Users are advised to update promptly to mitigate potential ongoing attacks. The flaw was discovered by Apple security researchers and impacts both older and newer devices. This is the seventh zero-day exploited in the wild since the start of the year. The flaw was addressed with improved bounds checking. Apple has patched a total of seven zero-day vulnerabilities exploited in the wild since the start of the year. The vulnerability was exploited in targeted attacks against specific individuals. Affected devices include iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPhone 8, iPhone 8 Plus, iPhone X, iPad Air 2, iPad mini (4th generation), iPad 5th generation, iPad Pro 9.7-inch, iPad Pro 12.9-inch 1st generation, iPod touch (7th generation), and Macs running macOS Sequoia, Sonoma, and Ventura. WhatsApp has also addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with the Apple flaw in targeted zero-day attacks. The WhatsApp vulnerability, CVE-2025-55177, is an insufficient authorization flaw in linked device synchronization messages. The flaw affects WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS version 2.25.21.78, and WhatsApp for Mac version 2.25.21.78. WhatsApp notified less than 200 users that they were targeted in an advanced spyware campaign over the last 90 days.

Open in new tab