CVE-2025-24201 – WebKit Remote Code Execution
CVE-2025-24085 – Core Media Privilege Escalation
Reported to Apple: January 9, 2025
Patched: February–March 2025
Tested On: iPhone 14 Pro Max (iOS 18.2.1)
CVSS Base Score: 9.8 (Critical)
Glass Cage is a critical, zero-click PNG-based exploit chain discovered in the wild targeting iOS 18.2.1. The attack was actively observed on a compromised device and confirmed to be used against real-world targets prior to vendor patching.
A malicious PNG image sent via iMessage initiates the chain by triggering automatic parsing in `MessagesBlastDoorService`. The image exploits a WebKit heap corruption vulnerability (CVE-2025-24201), followed by a sandbox escape and a kernel-level privilege escalation in Core Media (CVE-2025-24085).
The chain ultimately provides attackers with root-level access, persistent control, keychain exfiltration, and even the ability to irreversibly brick devices via IORegistry manipulation. No user interaction is required.
- Malicious PNG Creation
  - Embedded HEIF payloads with malformed EXIF fields
  - Triggers heap corruption in `ATXEncoder`
- Silent Trigger via iMessage
  - File auto-processed by `MessagesBlastDoorService`
  - RCE achieved through WebKit (CVE-2025-24201)
- Sandbox Escape
  - WebKit bypasses resource isolation to access private assets
- Privilege Escalation
  - Core Media flaw (CVE-2025-24085) enables kernel access
  - Exploits `mediaplaybackd`, `codecctl`, and `IOHIDInterface`
- Persistence and Bricking
  - Injects rogue daemons via `launchd`
  - Hijacks network through `wifid`
  - Bricks device via IORegistry modification
- WebKit resource lookups for internal assets
- Rogue IP assignment: `172.16.101.176`
- Modified proxy settings in `wifid`
- Abnormal access to `CloudKeychainProxy`
- IORegistry value: `IOAccessoryPowerSourceItemBrickLimit = 0`
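As an added defender-side example (not code from this repository), a small Python triage script that checks the indicators listed above against constructed sample data. The ioreg-style dump and the `process: message` log shape are assumptions made for the example; the IP address and the IORegistry key are the page's own values.

```python
import ipaddress
import re

# Indicators from the page's IoC list (IP and key are the page's own values).
ROGUE_IP = ipaddress.ip_address("172.16.101.176")
BRICK_KEY = "IOAccessoryPowerSourceItemBrickLimit"

# Constructed sample inputs. The ioreg-style dump and the "process: message"
# log shape are assumptions for this example, not Apple's real formats.
SAMPLE_IOREG = '''
  |   "IOAccessoryPowerSourceItemBrickLimit" = 0
  |   "ExampleOtherKey" = 100
'''
SAMPLE_LOGS = [
    "wifid: en0 assigned address 172.16.101.176 netmask 255.255.255.0",
    "wifid: proxy configuration changed HTTPProxy=172.16.101.176:8080",
    "mediaplaybackd: opened XPC connection to CloudKeychainProxy",
    "SpringBoard: foreground app changed",
]

IOREG_RE = re.compile(r'"(?P<key>\w+)"\s*=\s*(?P<val>\S+)')
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def scan_ioreg(dump):
    """Flag the brick-limit key when it has been forced to 0."""
    return [f"{BRICK_KEY}={m.group('val')}" for m in IOREG_RE.finditer(dump)
            if m.group("key") == BRICK_KEY and m.group("val") == "0"]

def scan_logs(lines):
    """Flag rogue-IP assignment, wifid proxy changes and CloudKeychainProxy access."""
    hits = []
    for line in lines:
        proc, _, msg = line.partition(":")
        for ip in IPV4_RE.findall(msg):
            try:
                if ipaddress.ip_address(ip) == ROGUE_IP:
                    hits.append(f"{proc}: rogue address {ip}")
                    break
            except ValueError:  # the regex also matches octets above 255
                continue
        if proc == "wifid" and "proxy" in msg.lower():
            hits.append("wifid: proxy settings modified")
        if "CloudKeychainProxy" in msg and proc != "CloudKeychainProxy":
            hits.append(f"{proc}: access to CloudKeychainProxy")
    return hits

def triage(dump, lines):
    """Two or more distinct indicators together are treated as a likely match."""
    hits = scan_ioreg(dump) + scan_logs(lines)
    return {"hits": hits, "likely_compromise": len(hits) >= 2}
```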
| Date | Event |
|---|---|
| Jan 9, 2025 | Exploit chain observed in the wild |
| Jan 9, 2025 | Initial report submitted to US-CERT and Apple |
| Feb 20, 2025 | CVE-2025-24085 patched (Core Media) |
| Mar 7, 2025 | CVE-2025-24201 patched (WebKit) |
| Mar 18, 2025 | CNVD-2025-06744 registered |
| Apr 22, 2025 | CNVD-2025-07885 registered |
This exploit chain was discovered being used in the wild and responsibly disclosed to Apple. Patches have since been released. At the time of discovery, active exploitation was confirmed.
This research has been independently verified and certified by the China National Vulnerability Database (CNVD). These official certificates confirm the high-risk status of both vulnerabilities used in the Glass Cage exploit chain:
- CNVD-2025-07885 – Use-After-Free in Apple Media Services
- CNVD-2025-06744 – Buffer Overflow in Apple iOS/iPadOS Core Media
Researcher: Joseph Goydish II
Submission Type: Personal Researcher Submission
Certification Authority: CNCERT / CNVD
| Tactic | Technique |
|---|---|
| Initial Access | T1203 – Exploitation for Client Execution |
| Execution | T1059 – Command and Scripting Interpreter |
| Persistence | T1547 – Boot or Logon Autostart Execution |
| Privilege Escalation | T1068 – Exploitation for Privilege Escalation |
| Defense Evasion | T1140 – Deobfuscate/Decode Files or Information |
| Impact | T1499 – Endpoint Denial of Service |
This repository is provided for research and educational purposes only.
The techniques described must not be used against systems without proper authorization.
The author assumes no liability for misuse or damage resulting from the information contained herein.
- CVE-2025-24085 – Core Media Privilege Escalation
- CVE-2025-24201 – WebKit Remote Code Execution
- CNVD-2025-06744 – iOS/iPadOS Buffer Overflow
- CNVD-2025-07885 – Use-After-Free in Apple Media Services