风沐云烟

For those missing the talk, Blog: jhftss.github.io/Exploiting-the… Slides: github.com/jhftss/jhftss.…

@gergely_kalman @theevilbit Congrats！

macOS 15.6 came with a few CVEs: CVE-2025-43199: I have no idea whivh bug this is yet :) CVE-2025-43232: collab with @theevilbit CVE-2025-43268: classified as kernel but I reported anything like that All in all: it's chaos as usual, but patch your systems ASAP!

You can the slides for my today’s @bsidesbud talk (Apple Disk-O Party) on my site: theevilbit.github.io/talks/

Here is poc, but I can't construct the exploit for it, because of the strong mitigation of Apple XNU. github.com/fmyyss/XNU_KER…

CVE-2024-23208: it' is new code introduced on XNU with macOS 14.0, here it does not increase the refcount of group-pointer

@zhuowei No, it’s not in vm, I’m not sure if I can disclose the details about it, but it is a UAF vulnearbility caused by reference counting

Interesting: macOS 14.3 added a check to `vm_object_coalesce` to confirm that `prev_offset + prev_size` and `prev_offset + prev_size + next_size` don't overflow. #L5181" target="_blank" rel="nofollow noopener">github.com/apple-oss-dist… I wonder if this is CVE-2024-23208?