dirtyZero IPA: Hide Dock and Home Bar on ≤iOS 18.3.2 with CVE-2025-24203 exploit
A new proof-of-concept app named dirtyZero is leveraging a recently discovered vulnerability, tracked as CVE-2025-24203, to modify protected areas of macOS and iOS systems. The exploit, uncovered by Ian Beer of Google’s Project Zero, enables limited write access to read-only memory pages—though with a critical caveat: it can only zero out data on these pages, unlike the more versatile MacDirtyCow exploit that allowed arbitrary writes.
Disclosed through Google Project Zero’s issue tracker, the vulnerability exploits a memory management flaw in Apple’s operating systems. Dubbed BEHAVIOR_ZERO_WIRED_PAGES, the exploit grants apps the ability to overwrite read-only kernel memory pages by resetting their contents to zero. While this restricts attackers from writing custom data, it still poses significant risks, as zeroing out critical system data could destabilize devices or disable security mechanisms.
Notably, the bug affects iOS versions prior to 18.4, though Apple’s iOS 18.4 release notes do not explicitly acknowledge a fix. This omission raises concerns that the patch may have been silently deployed, leaving users unaware of their device’s vulnerability status.
dirtyZero IPA Download: Get the Newest Release
dirtyZero was released as an IPA package that can be installed using your favorite IPA Installer App. IPA is dedicated to standard sideloading apps on Apple devices. Download the latest version of dirtyZero IPA from the links available below. Once installed, you'll be able to customize your ≤ iOS 18.3.2 system.
dirtyZero: A Proof-of-Concept with Practical Tweaks
The dirtyZero app demonstrates the exploit’s potential by targeting user interface elements on iOS. On devices running iOS 18.3.2 and earlier, it allows users to hide the Dock and Home Bar—features typically restricted by Apple’s system protections. Developers hint that future updates could introduce more tweaks, depending on the exploit’s versatility.
However, dirtyZero’s current capabilities highlight a broader issue: even limited write access to protected memory could enable malicious actors to manipulate system behavior or bypass security checks. While the app is labeled a proof-of-concept, its existence underscores the urgency of patching affected devices.
Security Implications and Device Compatibility
The vulnerability affects both macOS and iOS, but the dirtyZero exploit currently targets iOS devices. Users running iOS 18.4 or later are likely protected, while those on older versions remain vulnerable. Apple’s vague release notes make it hard for users to confirm whether their devices are fully patched.
Although Apple seems to have addressed the issue in iOS 18.4, its lack of clarity leaves some uncertainty. Tools like dirtyZero highlight the fine line between customizing your device and keeping it secure.
For users, the best step is simple: update to iOS 18.4 or later and steer clear of unofficial tweaks that exploit vulnerabilities. For developers, dirtyZero shows that even “minor” exploits can cause real problems—and zero-day hunters are always on the lookout.
How to install dirtyZero IPA on iOS 18.3.2 and below
dirtyZero can be sideloaded on your iPhone or iPad using your favorite IPA installer. Download the most recent version of dirtyZero IPA and start tweaking your iPhone without the need to use a jailbreak. Please note that this is only a Proof-of-Concept tool.
Here's how to install dirtyZero IPA on iPhone:
- Download the latest dirtyZero IPA for iOS 18.
- Install Sideloadly for Windows or macOS.
- Sideload dirtyZero.IPA by following the guide Installing IPA on iPhone.
- Open the dirtyZero App from your Home Screen.
Important: You must respring your iOS device to apply changes. To restore the original system settings, simply restart your device. (A respring refreshes the UI without a full reboot, while a restart clears all temporary modifications.)
