Attacking the macOS Kernel: Graphics Driver

Cite

DEF CON

Yu, Wang

Formal Metadata

Title

Attacking the macOS Kernel: Graphics Driver

Title of Series

DEF CON 26

Number of Parts

322

Author

Yu, Wang

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/39759 (DOI)

Publisher

DEF CON

Release Date

2018

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

Just like the Windows platform, graphic drivers of macOS kernel are complicated and provide a large promising attack surface for EoPs and sandbox escapes from low-privileged processes. After auditing part of the binaries, I discovered a number of vulnerabilities last year. Including, NULL pointer dereference, stack-based buffer overflow, arbitrary kernel memory read and write, use-after-free, etc. Some of these vulnerabilities were reported to Apple Inc., such as the CVE-2017-7155, CVE-2017-7163, CVE-2017-13883. In this presentation, I will share with you the detailed information about these vulnerabilities. Furthermore, from the attacker's perspective, I will also reveal some new exploit techniques and zero-days.