PT-2025-8948 · Apple · Webkit+2
Published 2025-02-27 · Updated 2025-02-28
CVE-2024-24085
Severity: not yet assigned. No severity ratings or metrics are available; the page will be updated when they are published.
Name of the Vulnerable Software and Affected Versions
iOS version 18.2.1
Description
The report describes a zero-click attack chain against iOS. A malicious iMessage carrying a specially crafted HEIF image reaches a memory-safety bug in Core Media, escaping the BlastDoor sandbox that normally isolates the parsing of message attachments. The chain then pivots into a WebKit remote code execution (RCE) stage, ending with unauthorized access to the device keychain and redirection of the device's network traffic. The methodology resembles the "Operation Triangulation" espionage campaign, which likewise delivered its exploit as an iMessage attachment requiring no user interaction.
The report gives no estimate of the number of potentially affected devices. Because the chain yields remote code execution and includes persistence mechanisms, it poses a critical risk to users of affected iOS versions.
Technical details about exploitation, as far as the report states them:
- API endpoints: none explicitly mentioned
- Function names: none explicitly mentioned
- System processes and components named in the reported activity (these are iOS daemons and frameworks, not vulnerable parameters): apsd (the Apple Push Notification service daemon, the transport iMessage delivery rides on), launchd (the system service manager and a common persistence point), CloudKeychainProxy (iCloud Keychain sync), syncdefaultsd (iCloud key-value store sync), wifid (Wi-Fi configuration, including per-network proxy settings) and WebKit (the web engine in which the RCE stage runs)
Recommendations
For iOS version 18.2.1:
- Treat the two reported indicators, 172.16.101.176 and 172.16.101.254, as local-network indicators: both sit in the RFC 1918 172.16.0.0/12 private range, so an Internet perimeter blocklist will never see them. Hunt for them instead in the Wi-Fi proxy and PAC settings of managed devices and in traffic on the networks those devices join.
- Assume credentials held in the keychain of an affected device may have been exfiltrated: rotate them and review sign-in activity for the associated accounts.
- Review device crash logs and analytics for crashes in WebKit's WebContent process and in media-decoding processes, the usual visible trace of a failed or partial exploitation attempt.
- Validate network and proxy configuration on affected devices and flag any manual proxy or PAC URL that policy did not set.
- Reduce the iMessage attack surface on high-risk devices: enable Lockdown Mode, which blocks most message attachment types (certain images, video and audio remain allowed) and disables complex web technologies in WebKit, and turn on Filter Unknown Senders.
- Manage Wi-Fi settings through MDM and alert on proxy overrides that differ from the pushed profile.
- Monitor WebKit network activity for resource requests to hosts that no visited page or installed app explains.
- Update affected devices to the iOS release that Apple's security release notes list as fixing this CVE.
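One way to carry out the proxy-configuration checks above over an iOS configuration profile, added here as an example and not code from the advisory or from Apple. It assumes an exported .mobileconfig profile that uses Apple's documented Wi-Fi payload keys (PayloadType com.apple.wifi.managed, ProxyType, ProxyServer, ProxyServerPort, ProxyPACURL). The sample profile, its SSIDs, the approved proxy host proxy.corp.example and the PAC prefix https://pac.corp.example/ are constructed for this example; the two indicator addresses are the ones listed in the recommendations. The block also sorts indicators into those a perimeter blocklist can act on and those that are private addresses visible only on the local network.

```python
"""Audit Wi-Fi proxy settings in an iOS configuration profile (.mobileconfig)."""
import ipaddress
import plistlib
from urllib.parse import urlparse

# Constructed sample profile (not from the advisory): one managed Wi-Fi payload
# with an approved corporate proxy, one pointing at an indicator address, one
# fetching a PAC file over cleartext HTTP from the other indicator, one clean.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.wifi-audit-sample",  # hypothetical
    "PayloadVersion": 1,
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "Corp-WiFi",
         "ProxyType": "Manual", "ProxyServer": "proxy.corp.example",
         "ProxyServerPort": 8080},
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "Guest",
         "ProxyType": "Manual", "ProxyServer": "172.16.101.176",
         "ProxyServerPort": 3128},
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "Lab",
         "ProxyType": "Auto", "ProxyPACURL": "http://172.16.101.254/proxy.pac"},
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "Home",
         "ProxyType": "None"},
    ],
})

APPROVED_PROXY_HOSTS = {"proxy.corp.example"}            # assumed policy
APPROVED_PAC_PREFIXES = ("https://pac.corp.example/",)    # assumed policy
KNOWN_BAD_HOSTS = {"172.16.101.176", "172.16.101.254"}   # from the advisory


def classify_host(host):
    """Return 'ip-private', 'ip-global' or 'hostname' for a proxy host string."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    return "ip-private" if ip.is_private else "ip-global"


def split_indicators(hosts):
    """Split indicators into those a perimeter blocklist can see (global IPs
    and hostnames) and RFC 1918 addresses that only matter on the local LAN."""
    perimeter, local_only = [], []
    for host in hosts:
        (local_only if classify_host(host) == "ip-private" else perimeter).append(host)
    return perimeter, local_only


def audit_profile(profile_bytes, approved_hosts=APPROVED_PROXY_HOSTS,
                  approved_pac_prefixes=APPROVED_PAC_PREFIXES,
                  known_bad_hosts=KNOWN_BAD_HOSTS):
    """Return (ssid, reason) findings for Wi-Fi payloads whose proxy settings
    were not approved by policy or match a known indicator."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.wifi.managed":
            continue
        ssid = payload.get("SSID_STR", "<unknown>")
        proxy_type = payload.get("ProxyType", "None")
        if proxy_type == "Manual":
            host = payload.get("ProxyServer", "")
            if host in known_bad_hosts:
                findings.append((ssid, f"proxy host {host} is a known indicator"))
            elif host not in approved_hosts:
                findings.append((ssid, f"unapproved manual proxy {host} ({classify_host(host)})"))
        elif proxy_type == "Auto":
            pac = payload.get("ProxyPACURL", "")
            parsed = urlparse(pac)
            if parsed.hostname in known_bad_hosts:
                findings.append((ssid, f"PAC URL host {parsed.hostname} is a known indicator"))
            elif not pac.startswith(approved_pac_prefixes):
                findings.append((ssid, f"unapproved PAC URL {pac}"))
            # A PAC file fetched over http can be swapped by anyone on the path.
            if parsed.scheme == "http":
                findings.append((ssid, "PAC file fetched over cleartext HTTP"))
    return findings


if __name__ == "__main__":
    for ssid, reason in audit_profile(SAMPLE_PROFILE):
        print(f"[{ssid}] {reason}")
    perimeter, local_only = split_indicators(sorted(KNOWN_BAD_HOSTS))
    print("perimeter-blockable:", perimeter, "| local-network only:", local_only)
```

Run it against a profile exported from the MDM (or pulled from a device) and compare the findings with the pushed policy; a manual proxy or PAC URL that appears on the device but not in the profile is exactly the "rogue Wi-Fi proxy override" the recommendations ask to detect.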
Affected Products
Core Media
WebKit
iOS