CVE-2024-23222 — Vulnetix

CVE-2024-23222 PUBLISHED KEV

EPSS 0.62% · 70.4th percentile

Risk Scores

EPSS Score

0.62%

70.4th percentile

Affected Products

Vendor	Product	Versions
Amazon	webkitgtk4

Exploit Intelligence

CVE-2024-23222 WebKit type confusion → iOS 16.4.1 sandbox escape. Full chain: JSC JIT confusion → addrof/read64/write64 → WASM indirect call → arbitrary C functions → file write outside sandbox. (github-poc-repo)
CVE-2024-23222 WebKit type confusion → iOS 16.4.1 sandbox escape. Full chain: JSC JIT confusion → addrof/read64/write64 → WASM indirect call → arbitrary C functions → file write outside sandbox. (github-poc-repo)
CVE-2024-23222 WebKit type confusion → iOS 16.4.1 sandbox escape. Full chain: JSC JIT confusion → addrof/read64/write64 → WASM indirect call → arbitrary C functions → file write outside sandbox. (github-poc-repo)
CVE-2024-23222 WebKit type confusion → iOS 16.4.1 sandbox escape. Full chain: JSC JIT confusion → addrof/read64/write64 → WASM indirect call → arbitrary C functions → file write outside sandbox. (github-poc-repo)
CVE-2024-23222 WebKit type confusion → iOS 16.4.1 sandbox escape. Full chain: JSC JIT confusion → addrof/read64/write64 → WASM indirect call → arbitrary C functions → file write outside sandbox. (github-poc-repo)
CVE-2024-23222 WebKit type confusion → iOS 16.4.1 sandbox escape. Full chain: JSC JIT confusion → addrof/read64/write64 → WASM indirect call → arbitrary C functions → file write outside sandbox. (github-poc-repo)
CVE-2024-23222 WebKit type confusion → iOS 16.4.1 sandbox escape. Full chain: JSC JIT confusion → addrof/read64/write64 → WASM indirect call → arbitrary C functions → file write outside sandbox. (github-poc-repo)
CVE-2024-23222 WebKit type confusion → iOS 16.4.1 sandbox escape. Full chain: JSC JIT confusion → addrof/read64/write64 → WASM indirect call → arbitrary C functions → file write outside sandbox. (github-poc-repo)
CVE-2024-23222 WebKit type confusion → iOS 16.4.1 sandbox escape. Full chain: JSC JIT confusion → addrof/read64/write64 → WASM indirect call → arbitrary C functions → file write outside sandbox. (github-poc-repo)
CVE-2024-23222 WebKit type confusion → iOS 16.4.1 sandbox escape. Full chain: JSC JIT confusion → addrof/read64/write64 → WASM indirect call → arbitrary C functions → file write outside sandbox. (github-poc-repo)

…and 855 more exploits

Timeline

Jun 9, 2023 PoC Published
Jul 15, 2023 PoC Published
Nov 4, 2023 PoC Published
Dec 8, 2023 PoC Published
Jan 22, 2024 PoC Published
Jan 22, 2024 CVE Published
Jan 23, 2024 CISA KEV Added
Jan 23, 2024 PoC Published
Jan 23, 2024 PoC Published
Jan 23, 2024 PoC Published
Jan 24, 2024 EPSS Score
Feb 21, 2024 EPSS Score

References

ALAS2-2024-2434: webkitgtk4 (important) advisory

Open in Interactive Console →