# CVE-2024-23222: WebKit RCE via type confusion

iOS | RCE | Critical
| field | value |
|---|---|
| affected | ≤17.3 |
| disclosed | 2024-01-22 |
| discovered | 2023-12-09 |
| patched | 2024-01-22 (iOS 17.3) |
| author | Apple TRC / mhfh research |
| platform | iOS |

## description
A type confusion in JavaScriptCore allows an attacker controlling a malicious web page to corrupt the JS heap and gain arbitrary read/write inside the Safari renderer. Chained with a sandbox escape it yields full RCE on iOS ≤ 17.3.
## impact
Drive-by remote code execution from a single visit to an attacker-controlled URL. Exploited in the wild against iPhone users.
## mitigation
Update to iOS/iPadOS 17.3 or later. For at-risk users who cannot update immediately, enable Lockdown Mode, which disables the Safari JIT.
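As an added fleet-triage example (not part of the original entry), the following Python classifies a constructed MDM-style device inventory against this entry's fixed version, handling the version-string pitfalls that a naive string compare gets wrong (`17.10` sorts after `17.3`, `17.2.1` sits below `17.3`) and crediting Lockdown Mode as the interim mitigation named above. The inventory layout and field names are assumptions.

```python
from typing import Dict, Tuple

CVE = "CVE-2024-23222"
FIXED_VERSION = "17.3"   # patched in iOS/iPadOS 17.3 per the entry above

# Constructed inventory in a hypothetical MDM export layout:
# device_id,platform,os_version,lockdown_mode
INVENTORY = """\
ipad-01,iPadOS,17.3,false
iphone-02,iOS,17.2.1,false
iphone-03,iOS,17.10,false
iphone-04,iOS,16.7.5,true
mac-05,macOS,14.2,false
"""


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn a dotted version into an int tuple so 17.10 > 17.3 and 17.2.1 < 17.3."""
    return tuple(int(part) for part in v.strip().split("."))


def classify(platform: str, os_version: str, lockdown: bool) -> str:
    """Status of one device relative to this CVE's fix version."""
    if platform not in ("iOS", "iPadOS"):
        return "out-of-scope"
    if parse_version(os_version) >= parse_version(FIXED_VERSION):
        return "patched"
    # Lockdown Mode disables the Safari JIT (page's interim mitigation);
    # the device still needs the update, so it is reported separately.
    return "mitigated-lockdown" if lockdown else "vulnerable"


def triage(csv_text: str) -> Dict[str, str]:
    """Map device_id -> status for every row of the inventory export."""
    results: Dict[str, str] = {}
    for line in csv_text.strip().splitlines():
        device_id, platform, version, lockdown = [f.strip() for f in line.split(",")]
        results[device_id] = classify(platform, version, lockdown.lower() == "true")
    return results


if __name__ == "__main__":
    for device, status in triage(INVENTORY).items():
        print(f"{CVE} {device}: {status}")
```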
## proof of concept
```js
// PoC trigger: JSC type confusion
function trigger() {
  let arr = [1.1, 2.2, 3.3];
  let oob = new ArrayBuffer(0x1000);
  // confuse JSArray with ArrayBuffer view
  arr.__proto__ = oob.__proto__;
  return arr[0x100]; // OOB read
}
```