CVE-2016-4655

MEDIUM KEV RANSOMWARE

WebKit not_number defineProperties UAF

Title source: metasploit

Exploitation Summary

CVE-2016-4655 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 24, 2022, with confirmed use in ransomware campaigns. EIP tracks 3 public exploits from researchers including Metasploit, jndok, and Cryptiiiic.

Description

The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · ios
https://www.exploit-db.com/exploits/44836

This Metasploit module exploits a use-after-free (UAF) vulnerability in WebKit's JavaScriptCore library (CVE-2016-4657) to achieve remote code execution on iOS devices. It leverages memory corruption techniques to bypass mitigations and execute arbitrary payloads.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: WebKit (JavaScriptCore) on Apple iOS
No auth needed
Prerequisites: Target must visit a malicious webpage or open a crafted link · Vulnerable version of WebKit on iOS
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 101 stars
by jndok · local
https://github.com/jndok/PegasusX

This repository contains a functional local privilege escalation (LPE) exploit for CVE-2016-4655 and CVE-2016-4656 on OS X 10.11.6. The exploit leverages kernel memory corruption via IOKit to achieve arbitrary code execution in kernel mode.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Apple OS X 10.11.6
No auth needed
Prerequisites: Access to a vulnerable OS X 10.11.6 system
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 10 stars
by Cryptiiiic · poc
https://github.com/Cryptiiiic/skybreak

This repository contains a functional exploit for CVE-2016-4655, targeting iOS 8.4.1. The exploit leverages a kernel memory leak vulnerability in the IOKit framework to extract the kernel slide (kslide) value, which is a critical step in bypassing kernel address space layout randomization (KASLR).

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Apple iOS 8.4.1
No auth needed
Prerequisites: Physical or remote access to a vulnerable iOS device running 8.4.1 · Ability to execute arbitrary code on the device (e.g., via a userland exploit)
devstral-2 · analyzed Feb 18, 2026

References (10)

Core References
Mailing List, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2016/Sep/msg00005.html
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44836/
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92651
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT207107
Mailing List, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2016/Aug/msg00000.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036694
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92965
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT207145

Scores

CVSS v3 5.5
EPSS 0.8209
EPSS Percentile 99.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact partial

Details

CISA KEV 2022-05-24
VulnCheck KEV 2016-08-15
InTheWild.io 2016-08-15
ENISA EUVD EUVD-2016-5641
Ransomware Use Confirmed
Status published
Products (2)
apple/iphone_os 10.0
apple/iphone_os < 9.3.5
Published Aug 25, 2016
KEV Added May 24, 2022
Tracked Since Feb 18, 2026