Out-of-bounds memory access in ANGLE in Google Chrome on Mac

This repository is a standalone iOS/macOS research PoC for a dyld chained-fixup/page-in-linking attack surface associated with CVE-2026-20700, not a framework module. Its purpose is to demonstrate that dyld can be coerced into producing PAC-valid function pointers and writing them into attacker-chosen slots inside a crafted Mach-O dylib, then show those pointers being executed through normal control flow. Structure: the Makefile orchestrates the full pipeline; src/launcher.c is the main iOS launcher; generators/gen_exports.py creates exports.c with ~N dummy exported symbols; generators/gen_client.py creates client.c with ~N imports and also emits a simple generated launcher variant used to stress dyld with a small-stack dlopen path; generators/gen_malformed_dylib.py is the core exploit generator that builds libmalformed.dylib byte-by-byte with custom LC_DYLD_CHAINED_FIXUPS metadata and malformed/controlled chain data; tools/inspect_fixups.py parses LC_DYLD_CHAINED_FIXUPS for sanity checking; tools/scan_pointers.py inspects Mach-O pointer sections; blog/ contains detailed English and Italian write-ups. Main exploit capabilities: (1) generate a malformed Mach-O dylib whose chained fixups cause dyld to resolve imported symbols and write PAC-valid pointers into selected __DATA offsets such as +0x10 and optionally +0x20; (2) validate the primitive using canaries in the malformed dylib's __DATA; (3) directly call the dyld-written function pointer or, in chain_close mode, register the second written pointer as a dispatch_source_t timer callback so the event loop invokes attacker_hook naturally; (4) stress dyld page-in linking using a second dylib with ~99k imports and a small-stack worker thread; and (5) trigger deterministic crash/reachability behavior in malformed page-in processing for research. The launcher coordinates two threads: Thread A loads libexports.dylib, resolves write_target_value, loads Frameworks/libmalformed.dylib, locates its __DATA via dyld image APIs, and checks whether dyld wrote the expected PAC-valid pointer into the target slot. In chain_close mode it also uses the second slot as a dispatch callback target. Thread B uses a constrained stack and deep recursion before dlopen("@executable_path/libclient.dylib") to exercise the dyld gate/path under stress. The Makefile presets (stress, exploit, chain_close) switch between crash proof, stable intra-image write primitive, and dispatch-based execution demo. No network C2 or remote endpointing is present. The observable endpoints are local Mach-O paths, bundle/package artifacts, and signing/provisioning files. The repository is a real exploit/research PoC rather than a detector: it builds runnable binaries and a crafted dylib to demonstrate a local code-execution-enabling primitive on iOS/arm64e systems.

This repository is a multi-file Apple WebKit/JSC exploit research collection centered on CVE-2024-23222, with numerous auxiliary HTML PoCs for other Safari/WebKit vulnerabilities. It is not a framework module; it is a standalone research repo containing browser-delivered exploit pages, a local Python HTTP collector, and one native C helper. Structure: - README.md documents the intended full exploit chain: a malicious HTML page triggers CVE-2024-23222 in JavaScriptCore, obtains addrof/read64/write64 primitives, then uses a crafted WebAssembly indirect-call trampoline to invoke native libc functions on an A11 iPhone X running iOS 16.4.1. The documented post-exploitation action is opening and writing /tmp/pwned_cve_2024_23222, presented as proof of sandbox escape. - poc/server.py is the operator-side infrastructure. It serves HTML files over HTTP on port 8765, exposes GET/POST /results for telemetry collection, and GET/POST /signal for auxiliary signaling. - find_gigacage.c is a native Mach-based memory scanner that uses task_for_pid, vm_region_recurse_64, and vm_read to locate JSC/Gigacage-related regions and sentinels in another process. This supports exploit development and address discovery rather than remote exploitation. - poc/exploit_23222.html is an earlier standalone Stage 1 exploit for CVE-2024-23222. It contains the core exploitation logic: WebAssembly modules, type confusion setup, arbitrary read/write primitives, addrof, and JIT/JSC structure offset handling. It posts progress markers and results back to /results. - poc/ironloader_diag.html is a diagnostic page for CVE-2023-32409 (“IronLoader”), reusing similar Stage 1 primitives and adding logic to inspect IPC/GPU-related structures. - The remaining poc/cve-*.html files are mostly self-contained browser PoCs or vulnerability checkers for specific CVEs. They generally trigger a suspicious code path, observe crashes/misbehavior, and POST a verdict plus logs to /results. Several are more detection-oriented than weaponized. Main exploit capabilities: - Browser-based initial access via a malicious HTML page. - JSC/WebAssembly memory corruption leading to arbitrary address disclosure and 64-bit read/write in the renderer. - Arbitrary native function invocation by overwriting a WASM indirect-call target slot. - Demonstrated sandbox escape behavior by calling _open/_write on /tmp/pwned_cve_2024_23222. - Extensive telemetry/logging back to a local HTTP server. Notable targeting details: - Primary target is Apple iPhone X (A11, no PAC), iOS 16.4.1, Safari 16.4.1. - The exploit assumes device/version-specific offsets and an ASLR slide known in advance/offline. - README explicitly notes limitations such as inability to directly read dyld cache from JS and failure of mmap(PROT_EXEC), indicating this is a real exploit-development repo rather than a simple detector. Assessment: - The repository contains genuine exploit code and PoCs. The main CVE-2024-23222 chain is operational but environment-specific, with a basic hardcoded payload (proof-file creation) rather than a flexible post-exploitation framework. Auxiliary files broaden the repo into a WebKit vulnerability lab with multiple browser-based tests and diagnostics.

Repository is a work-in-progress exploit-chain analysis and PoC for two iOS WebKit-related vulnerabilities used together in-the-wild: CVE-2025-43529 (JavaScriptCore DFG store-barrier insertion UAF) and CVE-2025-14174 (ANGLE Metal backend out-of-bounds write reachable via WebGL2). Structure: - README.md: High-level writeup of both CVEs, intended chain (renderer RCE -> GPU process corruption/sandbox escape), and current status. Notes that addrof/fakeobj primitives are achieved but arbitrary read/write is blocked by arm64e Pointer Authentication (PAC). - poc/uaf_trigger.js: Implements the UAF trigger. It constructs a Phi node scenario in JSC DFG where a Phi escapes but Upsilon inputs are not marked escaped, leading to missing write barriers. A Date object with an indexed property is used to create a butterfly; GC pressure is induced via large ArrayBuffer allocations; then a long loop provides a GC window. The result is a freed Date whose butterfly can be reclaimed by sprayed arrays. The main() function repeatedly triggers and sprays until it detects successful reclamation (freed[0] == 13.37), returning two views of the same butterfly (freed Date view and spray Array view) enabling type confusion. - poc/primitives.js: Given the boxed/unboxed views of the same butterfly, provides itof/ftoi conversions and implements addrof(obj) (leak object address by storing into boxed array and reading raw bits via unboxed array) and fakeobj(addr) (write address bits via unboxed array and read back as object via boxed array). This is a classic JSC boxed/unboxed confusion primitive. - poc/angle_oob.js: WebGL2 trigger for ANGLE Metal backend OOB write. It creates a texture and a pixel unpack buffer (PBO) containing full-size data for a 256x256 float texture, then sets UNPACK_IMAGE_HEIGHT to 16 so ANGLE allocates a staging buffer sized for 256x16 but performs a write for 256x256, producing a large OOB write in the GPU process. No controlled corruption strategy or sandbox escape payload is implemented—this is a trigger PoC. - analysis/pac_analysis.md: Detailed notes on arm64e PAC mitigations in JSC, focusing on PAC-protected fields like JSArray m_butterfly and TypedArray m_vector. Explains why naive fake TypedArray/JSArray techniques crash (autda/auth failure) and why the butterfly-reuse confusion works (pointers remain legitimately signed). Lists potential PAC bypass research directions. - analysis/crash_logs/*.ips: Example iOS crash report showing EXC_BAD_ACCESS with a PAC-failure-like address pattern (0x0001fffffffffffc) in JavaScriptCore LLInt get_by_val path. Capabilities and limitations: - Achieved: renderer-side addrof/fakeobj and repeated address leaks via UAF-driven butterfly reclamation/type confusion. - Not achieved: arbitrary read/write and code execution primitives due to PAC on arm64e; ANGLE OOB is confirmed as a trigger but not yet chained into a full exploit.

This repository provides a technical analysis and proof-of-concept (PoC) for CVE-2025-14174, an out-of-bounds write vulnerability in ANGLE's Metal backend affecting WebGL implementations in iOS Safari (< 26), macOS Chrome/Chromium/Electron, but not macOS Safari. The main exploit is implemented in 'poc.html', an HTML/JavaScript file that sets up a WebGL2 context and manipulates texture upload parameters to trigger the vulnerability. The PoC allows the user to configure various parameters (iterations, mode, randomization, etc.) to probe for the bug and observe GPU process behavior. The README.md provides a comprehensive technical writeup, including affected platforms, root cause, impact, and mitigation details. No hardcoded network endpoints or external IPs/domains are present in the code. The exploit demonstrates the vulnerability but does not provide weaponized payloads or post-exploitation capabilities.