Talos releases new macOS open-source fuzzer

Cisco Talos has developed a fuzzer that lets us test macOS software on commodity hardware. The fuzzer uses a snapshot-based approach and is built on the WhatTheFuzz (WTF) framework. Support for VM state extraction was implemented, and WhatTheFuzz was extended to load VMware virtual machine snapshots. Additional tools support symbolizing fuzzing traces and analyzing their code coverage.

Table of Contents

Previously in snapshot fuzzing
Snapshot fuzzing building blocks
Debugging
Snapshot acquisition
Snapshot loading into WTF
Catching crashes
Fuzzing harness and fixups
Coverage

Finding novel and unique vulnerabilities often requires developing tools that are purpose-built for the task. The platform and hardware that the target software runs on usually dictate which tools and techniques can be used. This is especially true for parts of the macOS operating system and kernel, because of their closed-source nature and the lack of tools that support advanced debugging, introspection or instrumentation.

Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties. Things are closed-source, so we can’t use compile-time inst ..
