CalvinBackup/0day-GigaCage-Webkit
1
0
Fork 0
mirror of https://github.com/JGoyd/0day-GigaCage-Webkit.git synced 2026-02-12 18:52:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
15 Commits 1 Branch 0 Tags
main
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE

README.md

WebKit Gigacage iOS 26.2

Advisory ID: [CVE Pending]

Webkit Bug: #304711 Apple Tracking ID: OE01004904221848

Overview

This repository documents an active zero-day integer overflow vulnerability in WebKits Gigacage implementation, affecting iOS 26.2 and related platforms. The flaw enables out-of-bounds memory access and process termination, with elevated risk of remote code execution if Gigacage protections are bypassed.

Contents

  • VULNERABILITY_REPORT.md: Full technical advisory, including proof-of-concept code examples and analysis
  • crash_logs/: Crash logs from affected iOS 26.2 devices demonstrating reproducibility

Impact

  • Affected devices: iOS 26.2, potentially macOS Sequoia 15.x and WKWebView-based browsers
  • Current risk: Persistent Denial of Service (DoS)
  • Potential risk: Remote Code Execution (RCE)
  • Confirmed: 100% reproducibility on iOS 26.2

Purpose

Accelerate vendor triage and support mitigations. Intended for use by security engineers, defenders, and Apples security response teams.

Disclosure

SeeVULNERABILITY_REPORT.md for PoC details, crash evidence, and remediation recommendations.

For authorized research and mitigation only. Unauthorized exploitation is prohibited.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 49 KiB
Languages
Markdown 100%