Webkit

A type confusion vulnerability exists in Apple Safari, as detailed in CVE-2024-23222. A public exploit demonstrates successful exploitation of the vulnerability on iOS 16.4.1, leading to a sandbox escape, which has been patched in iOS 17.3 and macOS 14.3.

The DarkSword exploit chain targets iOS versions 18 and under by exploiting a WebKit vulnerability, and is being adopted by multiple threat actors for initial access and execution.