This article explores how writes through the /proc/self/mem pseudofile can modify memory that the MMU marks as unwritable: the kernel's virtual memory subsystem services such writes by calling get_user_pages() with the FOLL_FORCE flag, which skips the write-permission check. The technique allows patching read-only memory, including libc code pages, and illustrates where kernel-enforced and hardware-enforced memory protection diverge.
Technical deep-dive into exploiting CVE-2024-54529, a type confusion vulnerability in macOS's coreaudiod system daemon reachable through its Mach messaging service. The author details how the crash was turned into a working exploit through creative problem-solving, after the bug was discovered using a knowledge-driven fuzzing methodology.