This Black Hat conference talk presents "SysBumps," the first attack to break kernel address space layout randomization (KASLR) on macOS running on Apple silicon. It shows how the researchers combine speculative execution in system calls with TLB side effects to infer kernel addresses and bypass KASLR. The talk covers a security analysis of Apple's ARM-based chips that found 25 of the 80 examined system calls to be exploitable despite mitigations such as KPTI. It details how SysBumps defeats KASLR in under 3 seconds across several macOS versions and M-series processors, and discusses possible countermeasures. Presented by researchers from Korea University, this 28-minute talk addresses the security challenges introduced by Apple's transition from Intel processors to its custom-designed ARM-based chips.
SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR
Taught by: Black Hat