Post · bonfire.cafe

"Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)

｢ The vulnerability chain, dubbed "Glass Cage," enables an attacker to compromise a device silently by sending a single malicious PNG image via iMessage ｣

#zeroclick #ios #cybersecurity

jbz

@jbz@indieweb.social replied · 3 days ago

｢ The exploit bypasses multiple layers of Apple's defenses, including BlastDoor, WebKit sandboxing, and CoreMedia memory protections. Once triggered, the payload escalates to kernel-level access, extracts iCloud Keychain data, alters Wi-Fi proxy settings, establishes persistence, and can optionally irreversibly brick the device ｣

#zeroclick #ios #cybersecurity

https://seclists.org/fulldisclosure/2025/Oct/1

Full Disclosure: Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.0-rc.3.1 no JS en

Automatic federation enabled