Uncovering IPC Vulnerabilities on macOS


Course

Dillon Franke of Mandiant/Google demonstrates advanced techniques for identifying IPC vulnerabilities in macOS, covering sandbox-allowed communications and mutation-based fuzzing methodologies.

Modern operating systems rely heavily on Inter-Process Communication (IPC) mechanisms, with macOS utilizing Mach messages as its fundamental IPC protocol. While these mechanisms enable essential system functionality, they also introduce potential attack vectors for sandbox escapes and privilege escalation. Despite their critical role in system security, Mach message handlers often remain under-examined for vulnerabilities.

In this session, Dillon Franke, vulnerability researcher at Mandiant/Google, will explore:

  • Effective techniques for identifying and targeting sandbox-allowed IPC communications
  • Development of mutation-based fuzzing methodologies for Mach message handlers
  • Implementation of code coverage-guided fuzzing using dynamic instrumentation

Here is the course outline:

Fuzzing at Mach Speed: Uncovering IPC Vulnerabilities on macOS