Discussion
"Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
「 The vulnerability chain, dubbed "Glass Cage," enables an attacker to compromise a device silently by sending a single malicious PNG image via iMessage 」
「 The exploit bypasses multiple layers of Apple's defenses, including BlastDoor, WebKit sandboxing, and CoreMedia memory protections. Once triggered, the payload escalates to kernel-level access, extracts iCloud Keychain data, alters Wi-Fi proxy settings, establishes persistence, and can optionally irreversibly brick the device 」
A space for Bonfire maintainers and contributors to communicate
