Exploitation Summary
CVE-2025-43529 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 15, 2025. EIP tracks 11 public exploits from researchers including zeroxjf, jir4vv1t, bjrjk.
AI-analyzed exploit summary
This repository contains a proof-of-concept exploit for CVE-2025-43529 and CVE-2025-14174, targeting WebKit and ANGLE on iOS 26.1. It demonstrates a Use-After-Free (UAF) vulnerability in JavaScriptCore and an Out-of-Bounds (OOB) write in ANGLE, with verified primitives for address leaking and type confusion.
Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
Exploits (11)
This repository contains a proof-of-concept exploit for CVE-2025-43529 and CVE-2025-14174, targeting WebKit and ANGLE on iOS 26.1. It demonstrates a Use-After-Free (UAF) vulnerability in JavaScriptCore and an Out-of-Bounds (OOB) write in ANGLE, with verified primitives for address leaking and type confusion.
This repository contains a detailed writeup and analysis of CVE-2025-43529, a use-after-free vulnerability in WebKit's DFG JIT compiler due to a missing StoreBarrier insertion. The vulnerability affects iOS 26.1, iPadOS 26.1, and macOS Tahoe 26.0.1.
This repository provides a root cause analysis for CVE-2025-43529, a UAF vulnerability in JavaScriptCore due to incorrect DFG StoreBarrierInsertionPhase. It includes a PDF analysis and references an external exploit by @jir4vv1t.
This repository provides a technical writeup detailing the exploitation of CVE-2025-43529 on iOS 26.1, focusing on achieving arbitrary read/write primitives using the Darksword scribble method. It discusses the steps involved, including bootstrapping addrof and fakeobj primitives, disabling garbage collection, and the potential for a PAC bypass and sandbox escape via ANGLE-OOB.
This PoC exploits a Use-After-Free (UAF) vulnerability in WebKit (CVE-2025-43529) by desynchronizing the garbage collector from the GPU's Metal command buffer using a timed WebGL attack. It targets Apple Silicon devices running iOS 26.1+ or macOS Tahoe, bypassing hardware-level memory protections like EMTE and MIE.
This repository contains a functional exploit PoC for CVE-2025-43529, demonstrating a UAF (Use-After-Free) vulnerability in WebKit on iOS 26.1. The exploit leverages memory corruption to achieve arbitrary read/write primitives, though it is blocked by PAC (Pointer Authentication Code) protections.
This repository provides a static analysis of the DarkSword iOS WebKit exploit chain, focusing on CVE-2025-31277 and CVE-2025-43529. It includes references to external sources and aims to document the exploit chain's delivery, staging, and breakdown for educational purposes.
The repository contains only a minimal README with a CVE reference and no functional exploit code or technical details. It appears to be a placeholder or incomplete project.
The repository appears to be a writeup or documentation for a project called 'telegram,' a minimalist bookmarking application. No exploit code or proof-of-concept is present in the provided files.
The repository lacks actual exploit code or technical analysis, instead directing users to external downloads via GitHub releases. The README is marketing-focused with no substantive details about the vulnerabilities.
This is a JavaScript-based PoC for CVE-2025-43529, targeting a WebKit use-after-free vulnerability in iOS Safari. It uses a temporal resonance technique to exploit memory corruption for RCE.
References (8)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H