Pinned
The world's first(?) kernel exploit for Vision Pro- on launch day!
Joseph Ravichandran
129 posts
Joseph Ravichandran
@0xjprx
PhD Student studying Microarchitectural Security @MIT
- Replying to @0xjprxWhen the device crashes it switches to full passthrough and displays a warning to remove the device in 30 seconds so it can reboot. Pretty cool
- We found a way to defeat pointer authentication (and forge kernel pointers from userspace) on the Apple M1 via a new hardware attack. Hereโs how it works-
- Received my first iOS + macOS kernel CVE! Fixed in XNU for iOS 17 and macOS Sonoma; a full writeup will be posted here soon.
shasum(fun thing) = edf70acbced16270bb490ec0a4fbcf5937d5ad13 Blog post coming soon(tm) - CVE-2025-24118 is an absolutely crazy race condition I found in the macOS / XNU kernel. Safe memory reclamation, read-only objects, memcpy implementation details, and a race condition- oh my!
- Writeup for CVE-2024-27815, a buffer overflow I reported in the XNU kernel is out!
- 2 new kernel CVEs, one remotely reachable! (look mom, no local code exec)
- Writeup + Solution to "Mock Kernel"- an XNU kernel hacking CTF challenge I wrote for UIUCTF 2023 is now available: github.com/jprx/mock-kernโฆ Includes software PAC added to the Mac OS X Snow Leopard kernel, plus using Mach OOL heap spray to exploit a UaF!
- When the kernel is sus. CVE-2024-54507 is an XNU bug fixed in macOS 15.2 / iOS 18.2. Enjoy!
- A big thank you to everyone who came to my @defcon talk on PACMAN!! All of our Apple Silicon research tools, the complete PACMAN PoC, and slides from the talk can be found at pacmanattack.com/code.
- Hack the Planet! I taught students fault injection, power analysis, and JTAG/ SWD in today's Secure Hardware Design lecture
- Using Vision Pro in the classroom to show students how to set up fault injection and power analysis attacks in MIT Secure HW Design
- Letโs say you want to rob a bankโฆ Watch my talk @Forbes about the research weโre doing @MIT_CSAIL on how to build the next generation of secure computers! youtu.be/QWPn3W3acew
