Dive into a 42-minute security conference talk that explores the reconstruction and analysis of CVE-2023-41990, a critical vulnerability in Apple's font rendering code discovered during Operation Triangulation. Learn how security researchers reverse-engineered and analyzed a vulnerability involving an undocumented TrueType instruction in the macOS and iOS font rendering systems, initially identified by Kaspersky researchers. Follow along as Aleksandar Nikolic, a Cisco Talos vulnerability researcher, demonstrates the process of recreating the proof-of-concept exploit, providing deep insights into font rendering mechanisms on Apple platforms and techniques for detecting similar vulnerabilities. Gain valuable understanding of memory corruption vulnerabilities, reverse engineering methodologies, and the complexities of analyzing legacy code components in modern operating systems.
Triangulating TrueType Fonts on macOS - Reconstructing CVE-2023-41990
Objective-See Foundation via YouTube
Overview
Syllabus
#OBTS v7.0: "Triangulating TrueType Fonts On macOS: Reconstructing CVE-2023-41990" - Aleks Nikolic
Taught by
Objective-See Foundation