
Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages


Guest post by Dillon Franke, Senior Security Engineer, 20% time on Project Zero

Every second, highly-privileged macOS system daemons...

I’ll detail how I used a custom fuzzing harness, dynamic instrumentation, and plenty of debugging/static analysis to identify a high-risk type confusion vulnerability in the coreaudiod system daemon. A bit of research showed me that as of macOS Big Sur, most framework binaries are not stored on disk but within the dyld shared cache, a mechanism for pre-linking libraries to allow applications to run faster. After many fuzzing harness iterations, lldb “next instruction” commands, and hours spent overheating my MacBook Pro, I had finally begun to acquire an understanding of the CoreAudio framework and generate some meaningful crashes.
