Update Glass Cage Report.md

Joseph Goydish II
2025-11-25 22:52:04 -05:00
committed by GitHub
parent 843a862237
commit 499edde553

@@ -2,7 +2,7 @@
**Prepared By:** Joseph Goydish II
**Date Submitted to Vendor:** December 18, 2024
**CVE Identifiers:** CVE-2025-24085 (Core Media Privilege Escalation), CVE-2025-24201 (WebKit RCE)
**CVE Identifiers:** CVE-2025-24085 (Core Media Privilege Escalation), CVE-2025-24201 (WebKit RCE), CVE-2025-43300
**Affected Devices:** iPhone 14 Pro Max, iOS 18.2.1
---
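Review bot: the added CVE-2025-43300 entry on the new **CVE Identifiers** line has no parenthetical naming the component and bug class, unlike the two entries before it (Core Media Privilege Escalation, WebKit RCE). Add the same kind of descriptor so a reader can tell from the header which stage of the chain the identifier covers.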
@@ -56,7 +56,7 @@ The exploit is **completely silent**, requiring **no user interaction**, and per
### **Stage 2 — Delivery via iMessage (confirmed zero-click)**
### **Stage 2 — Delivery via iMessage (CVE-2025-43300)**
- **Delivery Method:** PNG container sent over iMessage.
- **Zero-click Behavior:** On receipt, the system automatically stages the attachment and generates a thumbnail—no user interaction required.
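Review bot: the retitled Stage 2 heading swaps "(confirmed zero-click)" for "(CVE-2025-43300)", which drops the confirmation status from the heading and attaches a CVE to the delivery step while no bullet under it says which component that CVE is in or why the PNG-over-iMessage path maps to it. Consider keeping both qualifiers, e.g. "Delivery via iMessage (zero-click, CVE-2025-43300)", and adding a bullet that states the affected component and the evidence for the mapping.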
@@ -83,7 +83,6 @@ The exploit is **completely silent**, requiring **no user interaction**, and per
- `MessagesBlastDoorService` log shows auto-decoding activity during staging.
- `UserNotificationsServer` log shows the secure-copy staging step, which triggers thumbnail generation and decoder invocation.
---
### Outcome
- **Confirmed impact:** Heap corruption in `ATXEncoder` and WebKit during thumbnail generation results in **reliable zero-click remote code execution**.
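Review bot: the Outcome bullet still names only `ATXEncoder` and WebKit as the corrupted components and does not mention CVE-2025-43300, which this commit adds to the identifier list and to the Stage 2 heading. State in the Outcome which identifier covers the thumbnail-generation heap corruption. The two log bullets above it show that decoding and staging ran, so a pointer to the crash evidence behind "reliable" would also support the confirmed-impact claim.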