Exploiting a Type Confusion Vulnerability in macOS's coreaudiod Daemon
2025-05-14
This blog post details the author's journey in discovering and exploiting a high-risk type confusion vulnerability in macOS's coreaudiod system daemon. Using a custom fuzzing harness, dynamic instrumentation, and static analysis, the author, a security engineer at Google Project Zero, uncovered a sandbox escape vulnerability. The research employed a knowledge-driven fuzzing approach, combining automated fuzzing with targeted manual reverse engineering. The vulnerability, CVE-2024-54529, has since been patched by Apple.