NULL Pointer Dereferences on macOS Apple Silicon: Exploitable No More?
This article explores why NULL pointer dereference vulnerabilities are no longer exploitable for privilege escalation on Apple Silicon (ARM64) macOS. Historically, attackers manipulated memory mapping (especially in 32-bit systems) to exploit these bugs for code execution. However, macOS has significantly improved its security over the years. Hardware mitigations like SMEP, PAN, and PXN, along with Pointer Authentication Codes (PAC), the removal of 32-bit support, and enhanced kernel memory management make such exploits incredibly difficult, if not impossible. On modern macOS, NULL pointer dereferences primarily result in Denial of Service (DoS), not privilege escalation. The article details these improvements and provides a checklist for researchers before reporting such vulnerabilities.