Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)

[josephgoyd via Fulldisclosure <fulldisclosure () seclists org>]

Updated repo location: https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201

Working exploit: 
https://www.dropbox.com/scl/fi/ech6wdnpnyscbfiu2o8zh/IMG_1118.png?rlkey=jna5uo6aihs6tfbwtsk8fw7em&st=8c56raq8&dl=0

On Tue, Jun 10, 2025 at 10:48 AM, josephgoyd <[josephgoyd () proton me](mailto:On Tue, Jun 10, 2025 at 10:48 AM, 
josephgoyd <<a href=)> wrote:

> "Glass Cage" – Sophisticated Zero-Click iMessage Exploit ChainEnabling Persistent iOS Compromise and Device Bricking
>
> CVE-2025-24085, CVE-2025-24201(CNVD-2025-07885)
>
> Author: Joseph Goydish II
> Date: 06/10/2025
> Release Type: Full Disclosure
> Platform Affected: iOS 18.2 (confirmed zero-day at time of discovery)
> Delivery Vector: iMessage (default configuration)
> Impact: Remote Code Execution, Privilege Escalation, Keychain Exfiltration,
> Persistent Access, Optional Device Bricking
>
> ----------------------------------------------------------------------
>
> Summary:
>
> In December 2024, I discovered a previously undocumented zero-click exploit
> chain targeting iOS 18.2. The vulnerability chain, dubbed "Glass Cage," enables
> an attacker to compromise a device silently by sending a single malicious PNG
> image via iMessage.
>
> The exploit bypasses multiple layers of Apple's defenses, including BlastDoor,
> WebKit sandboxing, and CoreMedia memory protections. Once triggered, the
> payload escalates to kernel-level access, extracts iCloud Keychain data,
> alters Wi-Fi proxy settings, establishes persistence, and can optionally
> irreversibly brick the device.
>
> This attack chain resulted in the discovery of two CVEs:
>
> - CVE-2025-24085: CoreMedia use-after-free (kernel-level code execution)
> Patched by Apple on January 27, 2025
>
> - CVE-2025-24201: WebKit path injection (RCE via asset misresolution)
> Patched by Apple on March 11, 2025
>
> Neither CVE was attributed to me, and MITRE did not respond to my direct CVE
> requests. I submitted the CoreMedia issue to CNVD, which acknowledged it as
> CNVD-2025-07885 and issued certificate CNVD-YCGO-202504012519.
>
> ----------------------------------------------------------------------
>
> Technical Summary:
>
> - BlastDoor bypass via malformed HEIF/ASTC metadata
> - QuickLook sandbox escape via in-process thumbnail rendering
> - CVE-2025-24201: WebKit path injection -> remote code execution
> - CVE-2025-24085 (also CNVD-2025-07885): CoreMedia use-after-free -> kernel
> execution
> - Persistence via unauthorized launchd daemon
> - Optional device bricking via IODeviceTree parameter manipulation
>
> ----------------------------------------------------------------------
>
> Reproduction:
>
> 1. Craft HEIF image with malformed EXIF and ASTC decoder parameters
> 2. Wrap in WebP container to evade MIME filters
> 3. Send via iMessage to a default iOS 18.2 device
> 4. Preview pipeline triggers exploit chain automatically
> 5. Achieves code execution, kernel escalation, persistence, and optional
> bricking
>
> ----------------------------------------------------------------------
>
> Impact:
>
> - Full remote device takeover with zero user interaction
> - Kernel-level code execution
> - iCloud Keychain and secret exfiltration
> - Wi-Fi proxy hijack via wifid manipulation
> - Persistent launch daemon injection
> - Optional device bricking as a cleanup payload
> - Forensic evasion through log suppression and timestamp manipulation
>
> ----------------------------------------------------------------------
>
> Disclosure Timeline:
>
> - Dec 18, 2024: Discovered in-the-wild on iOS 18.2
> Reported to Apple (Report ID: OE19648727267113)
> - Dec 19–25, 2024: Multiple follow-ups and log/video submissions to Apple
> - Jan 9, 2025: Re-submitted to Apple and reported to US-CERT
> - Jan 27, 2025: Apple patches CVE-2025-24085 (CoreMedia use-after-free)
> - Mar 11, 2025: Apple patches CVE-2025-24201 (WebKit path injection)
> - MITRE did not respond to CVE requests; neither CVE attributed to me
> - Apr 2025: CNVD registers CoreMedia UAF as CNVD-2025-07885
> - Jun 2025: Full public disclosure due to vendor silence and lack of credit
>
> ----------------------------------------------------------------------
>
> Vendor Communication Summary:
>
> Between Dec 18, 2024 and Jan 6, 2025, I maintained active communication with Apple
> Product Security. I provided:
>
> - A working exploit and secure download link
> - Timestamped logs demonstrating iCloud Keychain and Contacts access
> - Syslogs confirming activity from CoreMedia, QuickLook, and locationd
> - Video evidence and forensic breakdowns
> - Logs verifying access to Contacts, Biome resources, and geolocation data
> - Confirmation of BlastDoor sandbox bypass during message preview
> - Multiple follow-ups requesting clarification on what was needed for Apple
> to begin investigation
>
> Despite these efforts, Apple never confirmed the nature of the zero-day, nor
> attributed either CVE to my original submission. MITRE did not respond to my
> CVE requests. CNVD independently validated and credited the CoreMedia
> discovery as CNVD-2025-07885.
>
> In the absence of vendor attribution, international recognition via CNVD establishes verifiable authorship.
> ----------------------------------------------------------------------
>
> Certification:
>
> The CoreMedia vulnerability was formally recognized by the China National
> Vulnerability Database (CNVD) under the ID CNVD-2025-07885.
> Certificate ID: CNVD-YCGO-202504012519
> Attached in PDF format for verification.
>
> ----------------------------------------------------------------------
>
> Full Technical Disclosure:
>
> [Glass Cage iOS Attack Chain](https://weareapartyof1.substack.com/p/glass-cage-zero-day-imessage-attack)
>
> ----------------------------------------------------------------------
>
> Request for Feedback:
>
> If you have additional insights, independent validation, or questions about
> any aspect of this disclosure; I welcome peer review, reproduction, and independent validation to strengthen the 
> public record this disclosure creates.
>
> ----------------------------------------------------------------------
> Contact:
>
> Joseph Goydish II
> josephgoyd () proton me
> https://www.linkedin.com/in/josephg007/
>
> ----------------------------------------------------------------------
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/