Attacking the macOS Kernel Graphics Driver

Presented at DEF CON 26 (2018), Aug. 12, 2018, noon (45 minutes)

Just like the Windows platform, graphic drivers of macOS kernel are complicated and provide a large promising attack surface for EoPs and sandbox escapes from low-privileged processes. After auditing part of the binaries, I discovered a number of vulnerabilities last year. Including, NULL pointer dereference, stack-based buffer overflow, arbitrary kernel memory read and write, use-after-free, etc. Some of these vulnerabilities were reported to Apple Inc., such as the CVE-2017-7155, CVE-2017-7163, CVE-2017-13883.

In this presentation, I will share with you the detailed information about these vulnerabilities. Furthermore, from the attacker's perspective, I will also reveal some new exploit techniques and zero-days.

Presenters:

• Yu Wang - Senior Staff Engineer at Didi Research America
  Yu Wang is a senior staff engineer at Didi Research America. He has previously presented on Syscan360 2012/2013, Hitcon 2013, Black Hat USA 2014, Black Hat ASIA 2016, Black Hat USA Arsenal 2018 and other conferences.

Links:

• https://defcon.org/html/defcon-26/dc-26-speakers.html#Wang
• https://infocon.org/cons/DEF CON/DEF CON 26/DEF CON 26 video and slides/DEF CON 26 - Yu Wang - Attacking the macOS Kernel Graphics Driver.mp4
• https://infocon.org/cons/DEF CON/DEF CON 26/DEF CON 26 video and slides/DEF CON 26 - Yu Wang - Attacking the macOS Kernel Graphics Driver.srt (subtitles)
• https://www.youtube.com/watch?v=TEKOm0J2sHQ

Similar Presentations:

• VB2019 / Play fuzzing machine - hunting iOS and macOS kernel vulnerabilities automatically and smartly
• Objective by the Sea version 4.0 (2021) / Kernel Exploitation on Apple's M1 chip
• DEF CON 26 (2018) / Pwning "the toughest target": the exploit chain of winning the largest bug bounty in the history of ASR program