Monday, 23 March 2026

Black Hat USA 2025 | "Dead Pixel Detected" - A Security Assessment of Apple's Graphics Subsystem

As one of the most significant attack surfaces in operating systems, the graphics subsystem has always been a focus of the security community. Given the lack of source code and technical documentation, conducting a comprehensive security assessment of such subsystems, particularly their kernel-mode components, remains an arduous task. Let's consider the Apple Silicon platform as a reference. Upon examining the security advisories from the past year, it is clear that the number of kernel vulnerabilities has diverged from the theoretical error rate per ten thousand lines of binary code. In the meantime, the AI revolution is accelerating, and large language models are placing more stringent demands on platform security. As security researchers, it is our obligation to step forward and safeguard these critical infrastructures.

This presentation will delve into Apple's Intel-based GPU, Apple Graphics Accelerator (AGX GPU), IOMobileFrameBuffer (IOMFB) and Display Co-processor (DCP), from the perspectives of system architecture and implementation, reverse engineering and attack surface evaluation, fuzzing and vulnerability hunting. As part of the findings, this presentation will share with you more than a dozen kernel vulnerabilities, including CVE-2024-40854, CVE-2024-44197, CVE-2024-44199, CVE-2025-24111, CVE-2025-24257, CVE-2025-24273, etc. These brand new issues impact each of the components mentioned above. Through these case studies, you might gain a deeper understanding of the architecture design of Apple's graphics subsystem, as well as the security challenges emerging in the era of Apple Private Cloud Compute.

By:

Yu Wang | Co-founder and CEO, CyberServal

Weiteng Chen | Researcher, Microsoft Research, Redmond

Presentation Materials Available at: https://ift.tt/RuOxmbG

source https://www.youtube.com/watch?v=JYmh7gCoIFo
