Dillon Franke explores using Mach IPC messages as an attack vector for finding and exploiting sandbox escapes in macOS system daemons. He details his hybrid approach of knowledge-driven fuzzing, which combines automated fuzzing with manual reverse engineering, and shares insights on identifying vulnerabilities, specifically a type confusion issue in the coreaudiod daemon. The post includes resources for building a custom fuzzing harness and the tools used throughout the research.
Ladybird, a new browser engine from the SerenityOS project, features a JavaScript engine called LibJS, which is currently in pre-alpha development. Research into LibJS revealed a critical use-after-free bug in the argument buffer, triggered by a proxied function object, along with insights into the fuzzing techniques used to discover such issues. The article discusses the architecture of LibJS and the specifics of the identified bug, including examples and proposed fixes.