CalvinBackup/0day-GigaCage-Webkit
1
0
Fork 0
mirror of https://github.com/JGoyd/0day-GigaCage-Webkit.git synced 2026-03-04 20:53:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
6 Commits 1 Branch 0 Tags
9824149eecd79bb38b6c595e148dbc4e48e7396c
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Joseph Goydish II 9824149eec Delete crash_logs
2025-12-26 16:11:20 -05:00
README.md
Update README with Advisory ID formatting
2025-12-26 16:07:58 -05:00
VULNERABILITY_REPORT.md
Create VULNERABILITY_REPORT.md
2025-12-26 16:01:34 -05:00

README.md

WebKit Gigacage iOS 26.2 Zero-Day Impact Analysis

Advisory ID: [CVE Pending]

Status: Active Zero-Day Vulnerability

Overview

This repository documents an active zero-day integer overflow vulnerability in WebKits Gigacage implementation, affecting iOS 26.2 and related platforms. The flaw enables out-of-bounds memory access and process termination, with elevated risk of remote code execution if Gigacage protections are bypassed.

Contents

  • TECHNICAL_DISCLOSURE.md: Full technical advisory, including proof-of-concept code examples and analysis
  • crash_logs/: Crash logs from affected iOS 26.2 devices demonstrating reproducibility

Impact

  • Affected devices: iOS 26.2, potentially macOS Sequoia 15.x and WKWebView-based browsers
  • Current risk: Persistent Denial of Service (DoS)
  • Potential risk: Remote Code Execution (RCE)
  • Confirmed: 100% reproducibility on iOS 26.2

Purpose

Accelerate vendor triage and support mitigations. Intended for use by security engineers, defenders, and Apples security response teams.

Disclosure

SeeTECHNICAL_DISCLOSURE.md for PoC details, crash evidence, and remediation recommendations.

For authorized research and mitigation only. Unauthorized exploitation is prohibited.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 49 KiB
Languages
Markdown 100%