dillonfranke

Fuzzing, MacOS, vuln research @google. Jesus Follower
https://dillonfrankesecurity.com

Our intrepid 20%-er @dillonfranke exploited a vulnerability in CoreAudio. See his process for gaining privilege escalation on a Mac:

https://projectzero.google/2026/01/sound-barrier-2.html

Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529 - Project Zero

In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-...

...and now the video of my talk "Finding and Exploiting 20-year-old bugs in Web Browsers" is live too https://www.youtube.com/watch?v=U1kc7fcF5Ao
OffensiveCon25 - Ivan Fratric - Finding and Exploiting 20-Year-Old Bugs in Web Browsers


I've also open-sourced my fuzzing harness, custom instrumentation, and a PoC for CVE-2024-54529:

https://github.com/googleprojectzero/p0tools/tree/master/CoreAudioFuzz

p0tools/CoreAudioFuzz at master · googleprojectzero/p0tools

Project Zero Docs and Tools. Contribute to googleprojectzero/p0tools development by creating an account on GitHub.


Thrilled to announce my new Project Zero blog post is LIVE! 🎉 I detail my knowledge-driven fuzzing process to find sandbox escape vulnerabilities in CoreAudio on MacOS.

I'll talk about this and the exploitation process next week @offensive_con

https://googleprojectzero.blogspot.com/2025/05/breaking-sound-barrier-part-i-fuzzing.html

Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages

Guest post by Dillon Franke, Senior Security Engineer, 20% time on Project Zero. Every second, highly-privileged MacOS system daemons...