🌖 CVE 2025-31200 | 一個奇怪的部落格
➤ 深入解析 CoreAudio 的記憶體損壞漏洞
✤ https://blog.noahhw.dev/posts/cve-2025-31200/
這篇文章詳細描述了安全研究者對蘋果公司 CoreAudio 中 CVE-2025-31200 漏洞的分析過程。該漏洞於 2025 年 4 月 16 日被蘋果公司修補,並被指出已在野外被積極利用。研究者利用二進位比較工具和原始碼分析,發現漏洞根源於對音訊解碼器配置的解析方式,特別是處理數據長度時可能發生的記憶體損壞。研究者通過分析修補程式碼的差異,鎖定了問題所在,並解釋了漏洞發生的機制。
+ 哇,這篇分析真的非常深入,看得出來作者花了很多時間去研究這個漏洞。
+ 這種細緻的漏洞分析真的很有幫助,讓人更瞭解安全風險和修補的必要性。
#安全漏洞 #CoreAudio #記憶體損壞 #漏洞分析
#coreaudio
Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages
https://googleprojectzero.blogspot.com/2025/05/breaking-sound-barrier-part-i-fuzzing.html
#HackerNews #BreakingTheSoundBarrier #Fuzzing #CoreAudio #MachMessages #CyberSecurity #ProjectZero
@nielso I also find #pipewire to be better than #coreaudio on macOS.
Many of the things I used to do on macOS with some helper apps, I now do out of the box on #linux.
And yes, in many of the "polished" apps that are used on Windows or macOS, I think a lot of the complexity (but also flexibility) is probably kept away from the users, which may lead to small successes faster, but doesn't necessarily promote the underlying understanding of what's actually going on, if that makes any sense.
Apple Patches 2 Exploited iOS Zero-Days in CoreAudio and RPAC
#Apple #iOS #AppleSecurity #iOSUpdate #ZeroDay #Cybersecurity #CoreAudio #ARM #AppleSilicon #PatchAlert #SecurityUpdate
So this is a fun #Audio tool for #macOS if you listen to various #HiRes and/or #LosslessAudio formats and want to switch a digital output to the matching #SampleRate on playback - https://github.com/vincentneo/LosslessSwitcher
I'd love for it to match discrete output channels and bitrate along with sample rate to account for multichannel source material 🤔 I may have to play with the #CoreAudio tricks they use for the app.
CoreAudio and AirPlay don't exactly seem like a match made in Heaven. Does anybody know how to detect inactive AirPlay devices? Retoot appreciated. #Swift #macOS #CoreAudio #AirPlay
sudo pkill coreaudiod saves the day again :blobcatshrug:
My RME UCX audio interface has died after 11 years of service. I’ll probably replace it with the UCX II, but I’m interested in alternatives. Arturia’s AudioFuse 16Rig looks suitable for my studio (mostly line level, some synths & CV, a couple of mics) but it uses the default Core Audio driver (on Mac). Is that good enough?
What other audio interfaces do people recommend?
#MusicProduction #Recording #Arturia #RME #CoreAudio #AudioInterface #Soundcard
@PatrickOBeirne Yes! I just wrote up my findings so far and asked on the Apple forums: https://developer.apple.com/forums/thread/763325 - hopefully the code examples will help identify the issue.
Just tagged #libASPL 3.1.0
Release includes better support of overriding low-level I/O handlers with your own and numerous bug-fixes.
New on the blog: Modern CoreMIDI Event Handling with Swift:
https://furnacecreek.org/blog/2024-04-06-modern-coremidi-event-handling-with-swift
Let's say you have some number of people you regularly invite to A Thing. How do you manage the list and the invitations? I've been using a google form and a bcc email but I'd rather do something nicer if it exists.
EDIT: this is a regular event, what I send is less invitation and more reminder. A handcrafted artisan email with an entertaining gif and the exact time and date.
It's Karaoke. I am slowly bringing back #CoreAudio and it's been so long I thought I'd see if it was easier now.
Tagged #libASPL 2.0.1 https://github.com/gavv/libASPL
Changes:
* users don't need Jinja2 now (code generation excluded from build)
* fixed warnings
* fixed typos
libASPL is a C++17 library that simplifies creating macOS virtual audio devices.
Client Info
Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst