Get the latest tech news
0-Day iOS Exploit "Caught in the Wild" Released
Full Disclosure mailing list archives Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) From: josephgoyd via Fulldisclosure <fulldisclosure () seclists org> Date: Thu, 02 Oct 2025 21:45:21 +0000 Updated repo location: https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201 Working exploit: https://www.dropbox.com/scl/fi/ech6wdnpnyscbfiu2o8zh/IMG_1118.png?rlkey=jna5uo6aihs6tfbwtsk8fw7em&st=8c56raq8&dl=0 On Tue, Jun 10, 2025 at 10:48 AM, josephgoyd <[josephgoyd () proton me](mailto:On Tue, Jun 10, 2025 at 10:48 AM, josephgoyd <<a href=)> wrote: "Glass Cage" – Sophisticated Zero-Click iMessage Exploit ChainEnabling Persistent iOS Compromise and Device Bricking CVE-2025-24085, CVE-2025-24201(CNVD-2025-07885) Author: Joseph Goydish II Date: 06/10/2025 Release Type: Full Disclosure Platform Affected: iOS 18.2 (confirmed zero-day at time of discovery) Delivery Vector: iMessage (default configuration) Impact: Remote Code Execution, Privilege Escalation, Keychain Exfiltration, Persistent Access, Optional Device Bricking ---------------------------------------------------------------------- Summary: In December 2024, I discovered a previously undocumented zero-click exploit chain targeting iOS 18.2. The vulnerability chain, dubbed "Glass Cage," enables an attacker to compromise a device silently by sending a single malicious PNG image via iMessage.
None
Or read this on Hacker News