CVE-2024-23222

HIGH KEV

iPadOS < 16.7.5 - Remote Code Execution via Type Confusion

Exploitation Summary

CVE-2024-23222 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added January 23, 2024. EIP tracks 4 public exploits from researchers including Umit-MHL, Meysamshiralii, FuzzySecurity.

Description

A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version.

Exploits (4)

nomisec WORKING POC
by Umit-MHL · poc
https://github.com/Umit-MHL/webkit-cve-2024-23222

This repository contains a functional exploit for CVE-2024-23222, a WebKit type confusion vulnerability leading to a sandbox escape on iOS 16.4.1. The exploit chain includes a JSC JIT type confusion (Stage 1) and arbitrary native function calls (Stage 2), delivered via a single HTML page.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: WebKit on iOS 16.4.1 (Safari)
No auth needed
Prerequisites: iPhone X (A11 Bionic) · iOS 16.4.1 · palera1n jailbreak
devstral-2 · analyzed May 19, 2026

nomisec SUSPICIOUS
by Meysamshiralii · poc
https://github.com/Meysamshiralii/coruna_analysis

The repository claims to analyze CVE-2024-23222 but lacks technical details about the vulnerability itself. Instead, it directs users to download an external installer, which is a common tactic for distributing malware or fake exploits.

Classification: Suspicious 90%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: iOS (unspecified version)
No auth needed
Prerequisites: iOS device · external installer download
devstral-2 · analyzed Mar 16, 2026

nomisec WRITEUP
by FuzzySecurity · client-side
https://github.com/FuzzySecurity/Cassowary-CVE-2024-23222-x86_64

This repository provides a detailed technical analysis of CVE-2024-23222, a TOCTOU race condition in WebKit's JavaScriptCore DFG JIT compiler, including root cause analysis, patch details, and an adaptation of the exploit to Linux x86_64.

Classification: Writeup 100%
Attack Type: RCE
Complexity: Complex
Reliability: Racy
Target: WebKit JavaScriptCore (Safari 7617.1.17.13)
No auth needed
Prerequisites: Linux x86_64 environment · WebKit with concurrent DFG JIT enabled · AddressSanitizer for crash visibility
devstral-2 · analyzed Mar 14, 2026

nomisec WRITEUP
by Rohitberiwala · poc
https://github.com/Rohitberiwala/CVE-2024-23222-Coruna-Exploit-Kit-Deobfuscated

This repository provides a detailed technical analysis and deobfuscation of the Coruna iOS Exploit Kit targeting CVE-2024-23222, a type confusion vulnerability in WebKit's JavaScriptCore. It includes architectural breakdowns, MITRE ATT&CK mappings, and deobfuscation methodologies but lacks functional exploit code.

Classification: Writeup 95%
Attack Type: RCE
Complexity: Complex
Reliability: Theoretical
Target: WebKit JavaScriptCore (iOS 13.0-17.x)
No auth needed
Prerequisites: iOS device running vulnerable WebKit version · ability to deliver malicious JavaScript payload
devstral-2 · analyzed Mar 10, 2026

References (25)

Release Notes, Vendor Advisory: https://support.apple.com/en-us/HT214055
Release Notes, Vendor Advisory: https://support.apple.com/en-us/HT214059
Release Notes, Vendor Advisory: https://support.apple.com/en-us/HT214061
Release Notes, Vendor Advisory: https://support.apple.com/kb/HT214055
Release Notes, Vendor Advisory: https://support.apple.com/kb/HT214056
Release Notes, Vendor Advisory: https://support.apple.com/kb/HT214057
Release Notes, Vendor Advisory: https://support.apple.com/kb/HT214058
Release Notes, Vendor Advisory: https://support.apple.com/kb/HT214059
Release Notes, Vendor Advisory: https://support.apple.com/kb/HT214061
Release Notes, Vendor Advisory: https://support.apple.com/kb/HT214063

Scores

CVSS v3 8.8
EPSS 0.1059
EPSS Percentile 95.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2024-01-23
VulnCheck KEV 2024-01-22
InTheWild.io 2024-01-22
ENISA EUVD EUVD-2024-20741
CWE CWE-843
Status published
Products (15)
Apple/iOS and iPadOS < 15.8.7
Apple/iOS and iPadOS < 16.7.5
Apple/iOS and iPadOS < 17.3
apple/ipados < 16.7.5
apple/iphone_os < 16.7.5
apple/macos < 12.7.3
Apple/macOS < 12.7.3
Apple/macOS < 13.6.4
Apple/macOS < 14.3
Apple/Safari < 17.3
... and 5 more
Published Jan 23, 2024
KEV Added Jan 23, 2024
Tracked Since Feb 18, 2026