Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
The article discusses a zero-click iMessage vulnerability targeting iOS 18 (CVE-2025-24085/CVE-2025-24201) that may allow a device to be remotely controlled or even damaged. The reporter provided logs, a video and a testable exploit, and invited independent verification. However, the page with the technical details is no longer accessible, which has raised doubts about the report's authenticity.

2025-11-7 13:49:47 Author: seclists.org


Full Disclosure mailing list archives


From: Joseph Goydish II via Fulldisclosure <fulldisclosure () seclists org>
Date: Thu, 30 Oct 2025 11:07:04 +0000

Hey Patrick, I understand the doubt.

However… what’s not slop are the reproducible logs I provided a video of and the testable, working exploit I provided.

Neither are the upstream patches that can be tracked from the disclosure dates to the CVEs listed in the report.

The exploit was caught in the wild, reverse engineered via log analysis and the logs provided are simply observed behavior. Please feel free to independently test the exploit.

Your assumptions and rhetoric do not help in why people use this mailing list, for good faith reporting.

-------- Original Message --------
On Thursday, 10/30/25 at 06:03 Patrick <kroppoloe () protonmail ch> wrote:
This is fake and AI generated.

Sent from Proton Mail for iOS.

-------- Original Message --------
On Thursday, 10/30/25 at 02:18 josephgoyd via Fulldisclosure <fulldisclosure () seclists org> wrote:
The exploit I caught in the wild and the flow of the attack chain are in this repo: 
https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201

The report was constructed via log analysis.

-------- Original Message --------
On Wednesday, 10/29/25 at 01:44 Christoph Gruber <list () guru at> wrote:
It seems the whole account is down
--
Christoph Gruber

On 29.10.2025 at 03:37, Noor Christensen <kchr+fd () fripost org> wrote:

On Thu Oct 2, 2025 at 11:45 PM CEST, josephgoyd via Fulldisclosure wrote:
----------------------------------------------------------------------

Full Technical Disclosure:

[Glass Cage iOS Attack Chain](https://weareapartyof1.substack.com/p/glass-cage-zero-day-imessage-attack)

Hi Joseph,

Looks like your post with the technical details is down; I'm getting a 404 since
yesterday.

-- kchr
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/



Source: https://seclists.org/fulldisclosure/2025/Nov/15