
WebKit Gigacage iOS 26.2

Advisory ID: [CVE Pending]


Status: Active Zero-Day Vulnerability

Overview

This repository documents an active zero-day integer overflow vulnerability in WebKit's Gigacage implementation, affecting iOS 26.2 and related platforms. The flaw enables out-of-bounds memory access and process termination, with elevated risk of remote code execution if Gigacage protections are bypassed.

Contents

  • TECHNICAL_DISCLOSURE.md: Full technical advisory, including proof-of-concept code examples and analysis
  • crash_logs/: Crash logs from affected iOS 26.2 devices demonstrating reproducibility

Impact

  • Affected devices: iOS 26.2, potentially macOS Sequoia 15.x and WKWebView-based browsers
  • Current risk: Persistent Denial of Service (DoS)
  • Potential risk: Remote Code Execution (RCE)
  • Confirmed: 100% reproducibility on iOS 26.2

Purpose

Accelerate vendor triage and support mitigations. Intended for use by security engineers, defenders, and Apple's security response teams.

Disclosure

See TECHNICAL_DISCLOSURE.md for PoC details, crash evidence, and remediation recommendations.


For authorized research and mitigation only. Unauthorized exploitation is prohibited.
