Think RAM forgets? 🤔 Not always. See how secrets can leak, what mitigations exist on major OS like #macOS, #Windows, #Linux, and what devs can do:
https://afine.com/when-memory-refuses-to-forget-sensitive-data-persistence-in-desktop-application/
How a simple #fuzzing payload bypassed entitlement check and triggered a #kernel panic on #macOS in the IOMobileFramebuffer driver. Patched in 15.4. Enjoy!
https://afine.com/case-study-iomobileframebuffer-null-pointer-dereference/
🚀 New blog post! 🚀
"A History of #NULL Pointer Dereferences on macOS." Discover how #Apple's security measures have evolved, making these vulnerabilities unexploitable on modern systems.
Enjoy!
#macOS #Cybersecurity #Vulnerability
https://afine.com/history-of-null-pointer-dereferences-on-macos/
This is a short blog post about a cheap #redteam trick I found last year during #phishing assessments to bypass #Outlook spam filters and deliver links to malicious #ISO files. #Microsoft does not want to patch it, so it is good to be aware of it:
https://afine.com/bypassing-spam-filtering-mechanism-in-outlook/
Enjoy!
🚀 New blog post! 🚀
Deep dive into a #macOS IONVMeFamily #driver Denial of Service issue! It is not a security risk but a great case study for macOS driver analysis.🕵️‍♂️
Enjoy!
#RE #Vulnerability #Research #Kernel #Fuzzing #PoC
https://afine.com/case-study-analyzing-macos-ionvmefamily-driver-denial-of-service-issue/
Georgia Tech and Ruhr University Bochum researchers have uncovered new side-channel attacks on #Apple Silicon. My latest blog post briefly introduces these #vulnerabilities along with links to the full #research papers. Check it out to learn more:
https://afine.com/slap-flop-apple-silicons-data-speculation-vulnerabilities/
Task Injection on macOS
🔍 Dive into how attackers can leverage Task Ports for process code injection. Learn security rules, lldb & debugserver mechanics, and some red tricks!
#macOS #Cybersecurity #TaskInjection #InfoSec
Enjoy & read it now here:
https://afine.com/task-injection-on-macos/
Deep dive into #Apple #macOS #drivers: Explore #IOKit and #BSD internals. Understand driver types and #kernel interfaces. Includes practical #RE techniques with #code examples. Enjoy and Merry Christmas!🎄
https://karol-mazurek.medium.com/drivers-on-macos-26edbde370ab?sk=v2%2F8a5bbc18-aae7-4a68-b0dd-bb5ce70b5752
This article explains how #macOS handles #exceptions on #Apple Silicon (#arm64), transitions between #user - #kernel mode, dives into #syscalls, #interrupts, and fault handling details, and includes a breakdown with a visual Exception Handling Map. Enjoy!
https://karol-mazurek.medium.com/exceptions-on-macos-2c4bd6a9fd31?sk=v2/fa7393a6-16e7-46d4-84d0-4de300260533
I was featured in @pagedout_zine on pages 22 and 47, but I encourage you to read the entire magazine—it's filled with fantastic work and incredible people! Catch it in Issue #5: https://pagedout.institute/
What started as a simple #bug led me deep into the mysteries of #Unix #symlinks, #firmlinks, and other nuances of the #filesystem. Grateful to @gergely_kalman for the nudge! This one’s full of #python #UnixTips #macOS magic. Enjoy reading!
https://karol-mazurek.medium.com/fixing-an-infinite-loop-on-unix-e0a8a5501c54
Last year, I created a tool to identify #MachO binaries on #Apple #macOS. Recently, I got feedback from @patrickwardle, @gergely_kalman, and @yo_yo_yo_jboon suggesting optimizations: https://x.com/karmaz95/status/1851559861990858810
Here’s an article detailing my improvements: https://karol-mazurek.medium.com/optimizing-mach-o-detection-40352101bbef?sk=v2%2F3378d3f5-874b-4b82-94d5-b2ccd8522ea3
This short post is about identifying all executables on your #Apple #MacOS, finding their UUIDs, and creating such a #UUID database. It introduces a new tool called #UUIDFinder. Enjoy!