Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529

Posted by Dillon Franke, Google Information Security Engineering, 20% time on Project Zero In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability CVE-2024-54529 and a double-free vulnerability CVE-2025-312...

MacOS Sandbox Escape via Double Free in coreaudiod/CoreAudio Framework

MacOS suffers from a sandbox escape vulnerability due to a double-free condition in coreaudiod/CoreAudio Framework...

CVE-2015-7003

coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app...

Code injection

coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app...

CVE-2015-7003

coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app...

CVE-2015-7003

CVE-2015-7003 affects Apple macOS: coreaudiod in Audio on OS X versions prior to 10.11.1. Root cause: an uninitialized data structure in coreaudiod leading to arbitrary code execution when processing a crafted app. Impact stated as arbitrary code execution. Connected sources confirm the issue is ...