Biting the Apple that Feeds You - macOS Kernel Fuzzing

Explore macOS kernel fuzzing techniques in this 41-minute conference talk from 44CON 2017. Dive into MWR's platform-agnostic approach for identifying critical flaws in Apple's XNU kernel. Learn about developing fuzzing automation, targeting core subsystems, and addressing architectural differences across platforms. Examine the effectiveness of targeted fuzzing for specific components and discover an in-memory fuzzer combining static and dynamic analysis. Gain insights into achieving greater code coverage, efficiency, and attacking privileged components via IPC. Discuss discovered issues, future improvements, and tools released for enhancing coverage and effectiveness in macOS kernel fuzzing.

Introduction
Why OS X
The fuzzer
Object database
Ciscos
syscall
Siskel
Logging
Seeding
Exit Cisco
Library
Fuzz Loop
Scaling the Fuzz
QMU
Code Coverage
Cocoa Free Support
Coverage Information
In memory fuzz
Fuzzer components
Wrapper library
Extracting attack surface
Pattern matching on struts
Limitations
Modules
Hooking
Challenges
Open method
Sample size
UI Automation
Mutations
Architecture
open source
future plans
previous work