CVE-2024-24085 Forensic Analysis Report | Remote iOS Attack

The report by Joseph Goydish, dated February 27, 2025, describes a zero-click attack on an iPhone 14 Pro Max running iOS 18.2.1, exploiting a vulnerability in Core Media (CVE-2025-24085). The attack, similar to the "Triangulation" operation, uses a malicious iMessage containing a HEIF image to bypass the BlastDoor sandbox and trigger remote code execution via WebKit, allowing unauthorized access to the keychain and network redirection.