
CVE-2025-24085 PoC — Apple iOS and Apple iPadOS Resource Management Error Vulnerability

Associated Vulnerability
Title: Apple iOS and Apple iPadOS Resource Management Error Vulnerability (CVE-2025-24085)
Description: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Description
Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, exploiting WebKit (CVE-2025-24201) and Core Media (CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction.
Readme
# Glass Cage: Zero-Click PNG Exploit Chain for iOS 18.2.1

**CVE-2025-24201** – WebKit Remote Code Execution  
**CVE-2025-24085** – Core Media Privilege Escalation

**Reported to Apple:** January 9, 2025  
**Patched:** February–March 2025  
**Tested On:** iPhone 14 Pro Max (iOS 18.2.1)  
**CVSS Base Score:** 9.8 (Critical)

---

## Summary

**Glass Cage** is a critical, zero-click PNG-based exploit chain discovered **in the wild** targeting iOS 18.2.1. The attack was actively observed on a compromised device and confirmed to be used against real-world targets prior to vendor patching.

A malicious PNG image sent via iMessage initiates the chain by triggering automatic parsing in `MessagesBlastDoorService`. The image exploits a WebKit heap corruption vulnerability (CVE-2025-24201), followed by a sandbox escape and a kernel-level privilege escalation in Core Media (CVE-2025-24085).

The chain ultimately provides attackers with root-level access, persistent control, keychain exfiltration, and even the ability to irreversibly brick devices via IORegistry manipulation. No user interaction is required.

---

## Exploit Chain

1. **Malicious PNG Creation**  
   - Embedded HEIF payloads with malformed EXIF fields  
   - Triggers heap corruption in `ATXEncoder`

2. **Silent Trigger via iMessage**  
   - File auto-processed by `MessagesBlastDoorService`  
   - RCE achieved through WebKit (CVE-2025-24201)

3. **Sandbox Escape**  
   - WebKit bypasses resource isolation to access private assets

4. **Privilege Escalation**  
   - Core Media flaw (CVE-2025-24085) enables kernel access  
   - Exploits `mediaplaybackd`, `codecctl`, and `IOHIDInterface`

5. **Persistence and Bricking**  
   - Injects rogue daemons via `launchd`  
   - Hijacks network through `wifid`  
   - Bricks device via IORegistry modification

---

## Indicators of Compromise

- WebKit resource lookups for internal assets  
- Rogue IP assignment: `172.16.101.176`  
- Modified proxy settings in `wifid`  
- Abnormal access to `CloudKeychainProxy`  
- IORegistry value: `IOAccessoryPowerSourceItemBrickLimit = 0`
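Added here as a triage example (it is not part of the repository's files): a small Python helper that scans a text log or sysdiagnose export for the indicators listed above and reports which lines hit. The log lines it runs on are constructed samples, and their format is an assumption, not Apple's unified log format.

```python
import re

# Indicators taken verbatim from the "Indicators of Compromise" list above.
ROGUE_IP = "172.16.101.176"
BRICK_KEY = "IOAccessoryPowerSourceItemBrickLimit"

# Each rule: (indicator name, regex applied to a single log line).
RULES = [
    ("rogue IP assignment", re.compile(r"\b" + re.escape(ROGUE_IP) + r"\b")),
    # wifid proxy change: the daemon name and the word "proxy" on one line
    ("wifid proxy modification", re.compile(r"\bwifid\b.*\bproxy\b", re.I)),
    ("CloudKeychainProxy access", re.compile(r"\bCloudKeychainProxy\b")),
    # Only a value of exactly 0 is the indicator; "= 0x10" or "= 3" must not match.
    ("IORegistry brick limit zeroed", re.compile(BRICK_KEY + r"\s*=\s*0\b")),
]


def scan_lines(lines):
    """Return (line_no, indicator, line) for every line matching a rule.

    A line can hit more than one rule; each hit is reported separately.
    """
    hits = []
    for no, line in enumerate(lines, 1):
        for name, rx in RULES:
            if rx.search(line):
                hits.append((no, name, line.strip()))
    return hits


def indicators_found(lines):
    """Set of distinct indicator names seen anywhere in the input."""
    return {name for _, name, _ in scan_lines(lines)}


# Constructed sample log; the message layout is invented for the example.
SAMPLE_LOG = """\
10:01:12 wifid[123]: interface en0 assigned 172.16.101.176/24 (constructed)
10:01:13 wifid[123]: proxy configuration updated for en0 (constructed)
10:01:20 securityd[45]: xpc connection from CloudKeychainProxy (constructed)
10:01:25 kernel: IOAccessoryPowerSourceItemBrickLimit = 0 (constructed)
10:02:00 kernel: IOAccessoryPowerSourceItemBrickLimit = 3 (constructed)
10:03:00 locationd[78]: routine wakeup (constructed)
"""

if __name__ == "__main__":
    for no, name, line in scan_lines(SAMPLE_LOG.splitlines()):
        print(f"line {no}: {name}: {line}")
```

The rogue IP sits in RFC 1918 private space, so a hit on that rule alone is low confidence and should be read together with the other indicators.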

---

## Timeline

| Date         | Event                                           |
|--------------|-------------------------------------------------|
| Jan 9, 2025  | Exploit chain observed in the wild              |
| Jan 9, 2025  | Initial report submitted to US Cert & Apple     |
| Feb 20, 2025 | CVE-2025-24085 patched (Core Media)             |
| Mar 7, 2025  | CVE-2025-24201 patched (WebKit)                 |
| Mar 18, 2025 | CNVD-2025-06744 registered                      |
| Apr 22, 2025 | CNVD-2025-07885 registered                      |

---

## Disclosure

This exploit chain was discovered being used in the wild and responsibly disclosed to Apple. Patches have since been released. At the time of discovery, active exploitation was confirmed.

---

## CNVD Certification

This research has been independently verified and certified by the **China National Vulnerability Database (CNVD)**. These official certificates confirm the high-risk status of both vulnerabilities used in the Glass Cage exploit chain:

- **CNVD-2025-07885** – Use-After-Free in Apple Media Services  
- **CNVD-2025-06744** – Buffer Overflow in Apple iOS/iPadOS Core Media  

**Researcher:** Joseph Goydish II  
**Submission Type:** Personal Researcher Submission  
**Certification Authority:** CNCERT / CNVD  

---

## MITRE ATT&CK Mapping

| Tactic              | Technique                            |
|---------------------|--------------------------------------|
| Initial Access      | T1203 – Exploitation for Client Exec |
| Execution           | T1059 – Command and Scripting Interp |
| Persistence         | T1547 – Boot or Logon Autostart Exec |
| Privilege Escalation| T1068 – Exploitation for Priv Esc    |
| Defense Evasion     | T1140 – Deobfuscate/Decode Files     |
| Impact              | T1499 – Endpoint Denial of Service   |

---

## Legal Notice

This repository is provided for **research and educational purposes only**.  
The techniques described must **not** be used against systems without proper authorization.  
The author assumes **no liability** for misuse or damage resulting from the information contained herein.

---

## References

- CVE-2025-24085 – Core Media Privilege Escalation  
- CVE-2025-24201 – WebKit Remote Code Execution  
- CNVD-2025-06744 – iOS/iPadOS Buffer Overflow  
- CNVD-2025-07885 – Use-After-Free in Apple Media Services  

---
File Snapshot

[4.0K] /data/pocs/42013b73175befa9e082f466c30fe59d2f9df81d
├── [684K] CNVD-2025-06744 Certificate
├── [684K] CNVD-2025-07885 Certificate
├── [7.1K] Glass Cage Report.md
└── [4.4K] README.md

0 directories, 4 files