WID-SEC-W-2024-0175

Affected Products

Exploit Intelligence

• CVE-2024-23222 WebKit type confusion → iOS 16.4.1 sandbox escape. Full chain: JSC JIT confusion → addrof/read64/write64 → WASM indirect call → arbitrary C functions → file write outside sandbox. (github-poc-repo)
• CVE-2024-23222 WebKit type confusion → iOS 16.4.1 sandbox escape. Full chain: JSC JIT confusion → addrof/read64/write64 → WASM indirect call → arbitrary C functions → file write outside sandbox. (github-poc)
• This script is designed to exploit a heap buffer overflow vulnerability in a socks5 proxy server. (github-poc-repo)
• Yang-Shun-Yu/CVE-2023-38545 (github-poc-repo)
• For all vicarius.io/vsoviety analysis (github-poc-repo)
• Network Security Project CVE-2023-38545 (github-poc-repo)
• Comprehensive deobfuscated research of the Coruna iOS exploit kit targeting CVE-2024-23222. Analysis of WebKit Type Confusion, PAC Bypass, and Sandbox Escape (github-poc-repo)
• Adaptation of Cassowary CVE-2024-23222 for Linux x86_64 (github-poc-repo)
• Analyze and deobfuscate the Coruna Exploit Kit (CVE-2024-23222) to enhance understanding and detection of related threats. (github-poc-repo)
• Analyze and deobfuscate the Coruna Exploit Kit (CVE-2024-23222) to enhance understanding and detection of related threats. (github-poc)

…and 41 more exploits

Timeline

• Jan 22, 2024 CVE Published
• May 9, 2024 CVE Updated

References

• https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0175.json advisory
• https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0175 advisory
• https://support.apple.com/kb/HT214057 url
• https://support.apple.com/kb/HT214058 url
• https://support.apple.com/kb/HT214061 url