Google Project Zero researchers have disclosed a critical type confusion vulnerability in the way coreaudiod, the privileged macOS audio daemon, handles Mach messages. Their findings, which combine manual reverse engineering with advanced fuzzing, not only expose systemic risks in macOS IPC but also come with open-source tools and code for the wider security community.

The research proceeded in stages:

Identify accessible attack surfaces: By analyzing sandbox profiles and using tools like sbtool, the researchers determined which Mach services could be reached from sandboxed processes.

Select high-value targets: They narrowed their focus to daemons with both significant privileges and accessible Mach services, settling on coreaudiod due to its complexity and privilege level.

Build a fuzzing harness: The harness code ensures that fuzzed messages can be injected directly into the target subsystem without colliding with system-level service registration.

The bug itself is a type confusion in coreaudiod's Mach message handlers. By crafting Mach messages that referenced objects of the wrong type, an attacker could trigger out-of-bounds memory access or even hijack control flow via manipulated virtual function tables (vtables). The vulnerability was assigned CVE-2024-54529 and patched by Apple in December 2024; the fix introduces explicit type checks before dereferencing objects in the affected handlers.

Project Zero recommends that Apple and other OS vendors enforce strict type checks and consider architectural changes to IPC mechanisms to reduce the attack surface for sandbox escapes. By open-sourcing their fuzzing harness and methodology, the researchers have enabled the security community to continue probing and hardening macOS services against similar vulnerabilities, highlighting both the power and peril of low-level IPC in modern operating systems.

Kaaviya is a Security Editor and fellow reporter with Cyber Security News.
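To make the bug class concrete, here is an added C model of the pattern described above. It is an illustration written for this page, not Project Zero's harness or coreaudiod's code: a request handler looks up an object by a client-supplied ID and dereferences its dispatch table on the assumption that the ID names a device. The object kinds, field names, the registry layout and the attacker_gadget function are assumptions for the demo; what matters is that a stream's client-controlled pointer sits at the same offset as a device's dispatch table, and that a single kind check before the cast closes the hole.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a daemon's object registry (added example, not
   coreaudiod's code). Every object starts with a common header; the rest
   of the layout depends on the kind, as with C++ subclasses sharing a base. */
enum obj_kind { KIND_DEVICE = 1, KIND_STREAM = 2 };

struct object { uint32_t kind; uint32_t id; };

struct device;
struct device_ops { int (*set_volume)(struct device *, float); };

struct device {
    struct object hdr;
    const struct device_ops *ops;   /* dispatch table, like a C++ vtable */
    float volume;
};

struct stream {
    struct object hdr;
    void *client_buffer;            /* client-supplied memory; same offset as device.ops */
    uint32_t frames;
};

#define MAX_OBJECTS 8
struct registry { struct object *slots[MAX_OBJECTS]; };

static struct object *registry_lookup(struct registry *r, uint32_t id) {
    return id < MAX_OBJECTS ? r->slots[id] : NULL;
}

/* Request as it would arrive in a message body: the object ID is chosen by the client. */
struct set_volume_request { uint32_t object_id; float volume; };

#define ERR_INVALID_OBJECT (-1)
#define ERR_WRONG_TYPE     (-2)

static int real_set_volume(struct device *d, float v) { d->volume = v; return 0; }
static const struct device_ops real_device_ops = { real_set_volume };

/* VULNERABLE: assumes the ID names a device and dereferences its dispatch table.
   If the client sends a stream's ID, 'ops' is really stream.client_buffer. */
int vuln_handle_set_volume(struct registry *r, const struct set_volume_request *req) {
    struct device *d = (struct device *)registry_lookup(r, req->object_id);
    if (!d) return ERR_INVALID_OBJECT;
    return d->ops->set_volume(d, req->volume);
}

/* FIXED: check the kind tag before treating the object as a device. */
int safe_handle_set_volume(struct registry *r, const struct set_volume_request *req) {
    struct object *o = registry_lookup(r, req->object_id);
    if (!o) return ERR_INVALID_OBJECT;
    if (o->kind != KIND_DEVICE) return ERR_WRONG_TYPE;
    struct device *d = (struct device *)o;
    return d->ops->set_volume(d, req->volume);
}

/* Stands in for attacker-chosen code (assumed for the demo). In a real exploit the
   fake table would point at a ROP chain or other controlled target, not a daemon function. */
#define GADGET_RAN 0x41414141
static int attacker_gadget(struct device *d, float v) { (void)d; (void)v; return GADGET_RAN; }

struct demo_state {
    struct registry reg;
    struct device dev;
    struct stream strm;
    struct device_ops fake_ops;     /* lives in "client-controlled" memory */
};

/* Constructed state: a device in slot 0 and a stream in slot 1 whose client
   buffer holds a fake dispatch table with one entry, the gadget address. */
static void demo_setup(struct demo_state *s) {
    s->dev = (struct device){ { KIND_DEVICE, 0 }, &real_device_ops, 0.5f };
    s->fake_ops.set_volume = attacker_gadget;
    s->strm = (struct stream){ { KIND_STREAM, 1 }, &s->fake_ops, 512 };
    s->reg.slots[0] = &s->dev.hdr;
    s->reg.slots[1] = &s->strm.hdr;
    for (int i = 2; i < MAX_OBJECTS; i++) s->reg.slots[i] = NULL;
}

/* Run one request for object_id through the vulnerable or the fixed handler. */
int demo_scenario(int use_safe_handler, uint32_t object_id) {
    struct demo_state s;
    demo_setup(&s);
    struct set_volume_request req = { object_id, 0.8f };
    return use_safe_handler ? safe_handle_set_volume(&s.reg, &req)
                            : vuln_handle_set_volume(&s.reg, &req);
}

int main(void) {
    printf("device ID, vulnerable handler: %d\n", demo_scenario(0, 0));
    printf("stream ID, vulnerable handler: 0x%x (attacker gadget ran)\n",
           (unsigned)demo_scenario(0, 1));
    printf("stream ID, fixed handler:      %d (ERR_WRONG_TYPE)\n", demo_scenario(1, 1));
    return 0;
}
```

In the confused case the handler reads what it takes to be a vtable pointer from the stream's client-controlled field at the same offset, then dispatches through it; the real vulnerability additionally allowed out-of-bounds reads when the wrong-typed object was smaller than expected, which the same kind check prevents. The check in safe_handle_set_volume is what "explicit type checks before dereferencing objects" amounts to in practice: the tag is validated before any cast, so a message naming the wrong kind of object is rejected instead of interpreted.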
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 12 May 2025 12:20:05 +0000