{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T00:30:09Z","timestamp":1766449809929,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":45,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100006374","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2022YFE0113200"],"award-info":[{"award-number":["2022YFE0113200"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3690376","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"3749-3762","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["CrossFire: Fuzzing macOS Cross-XPU Memory on Apple Silicon"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-4288-4590","authenticated-orcid":false,"given":"Jiaxun","family":"Zhu","sequence":"first","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-5776-4789","authenticated-orcid":false,"given":"Minghao","family":"Lin","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1231-4050","authenticated-orcid":false,"given":"Tingting","family":"Yin","sequence":"additional","affiliation":[{"name":"Zhongguancun Laboratory, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-8354-9985","authenticated-orcid":false,"given":"Zechao","family":"Cai","sequence":"additional","affiliation":[{"name":"Columbia University, New York, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-4289-977X","authenticated-orcid":false,"given":"Yu","family":"Wang","sequence":"additional","affiliation":[{"name":"Cyberserval Co., Ltd., Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0178-0171","authenticated-orcid":false,"given":"Rui","family":"Chang","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2899-6121","authenticated-orcid":false,"given":"Wenbo","family":"Shen","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Akihiko Odaki. 2022. Introduce gdbserver. https:\/\/github.com\/AsahiLinux\/m1n1\/pull\/194\/commits\/cc420003ef9c929ca64b68723a38234b567395b7."},{"key":"e_1_3_2_1_2_1","unstructured":"Apple. 2020. Choosing a Resource Storage Mode for Apple GPUs. https:\/\/developer.apple.com\/documentation\/metal\/resource_fundamentals\/choosing_a_resource_storage_mode_for_apple_gpus?language=objc."},{"key":"e_1_3_2_1_3_1","unstructured":"Apple. 2024. Accelerate graphics and much more with Metal. https:\/\/developer.apple.com\/metal\/."},{"key":"e_1_3_2_1_4_1","unstructured":"Apple. 2024. Build virtualization solutions on top of a lightweight hypervisor without third-party kernel extensions. https:\/\/developer.apple.com\/documentation\/hypervisor."},{"key":"e_1_3_2_1_5_1","unstructured":"Apple. 2024. Page Protection Layer. https:\/\/support.apple.com\/en-hk\/guide\/security\/sec8b776536b\/1\/web\/1#sec314c3af61."},{"key":"e_1_3_2_1_6_1","unstructured":"Apple. 2024 d. System Coprocessor Integrity Protection. https:\/\/support.apple.com\/en-hk\/guide\/security\/sec8b776536b\/1\/web\/1##sec59f75f8cd."},{"key":"e_1_3_2_1_7_1","unstructured":"ARM. 2024. Virtualization-host-extensions. https:\/\/developer.arm.com\/documentation\/102142\/0100\/Virtualization-host-extensions."},{"key":"e_1_3_2_1_8_1","unstructured":"ARM LTD. [n. d.]. Memory access atomicity. https:\/\/developer.arm.com\/documentation\/den0024\/a\/The-A64-instruction-set\/Memory-access-instructions\/Memory-access-atomicity."},{"key":"e_1_3_2_1_9_1","unstructured":"ARM LTD. 2020. Arm Architecture Reference Manual for A-profile architecture. https:\/\/developer.arm.com\/documentation\/ddi0487\/latest."},{"key":"e_1_3_2_1_10_1","unstructured":"AsahiLinux. 2021. m1n1: an experimentation playground for Apple Silicon. https:\/\/github.com\/AsahiLinux\/m1n1."},{"key":"e_1_3_2_1_11_1","unstructured":"Ian Beer. 2023. Abusing iPhone Co-Processors for Privilege Escalation. In (Objective By The Sea (OBTS) v5.0)."},{"key":"e_1_3_2_1_12_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Cai Zechao","year":"2023","unstructured":"Zechao Cai, Jiaxun Zhu, Wenbo Shen, Yutian Yang, Rui Chang, Yu Wang, Jinku Li, and Kui Ren. 2023. Demystifying Pointer Authentication on Apple M1. In 32nd USENIX Security Symposium (USENIX Security 23). 2833--2848."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484564"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00114"},{"key":"e_1_3_2_1_15_1","unstructured":"Parallels\u00ae Desktop. 2024. Parallels\u00ae Desktop 19 for Mac. https:\/\/www.parallels.cn\/products\/desktop\/."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133917"},{"key":"e_1_3_2_1_17_1","unstructured":"Thierry Dor\u00e9. 2022. A journey of fuzzing Nvidia graphic driver leading to LPE exploitation. In (Hexacon)."},{"key":"e_1_3_2_1_18_1","unstructured":"Hugues Evrard and Paul Thomson. 2017. GraphicsFuzz. https:\/\/github.com\/google\/graphicsfuzz."},{"key":"e_1_3_2_1_19_1","unstructured":"Hugues Evrard and Paul Thomson. 2017. GraphicsFuzz: Secure and Robust Graphics Rendering. https:\/\/www.khronos.org\/assets\/uploads\/developers\/library\/2017-gdc-webgl-webvr-gltf-meetup\/10 - Imperial College London - GraphicsFuzz_Mar17.pdf."},{"key":"e_1_3_2_1_20_1","unstructured":"Lars Fr\u00f6der. 2024. How to Jailbreak iOS 16. In (Power of Community)."},{"key":"e_1_3_2_1_21_1","unstructured":"Haifisch. 2016. kuzz: an iOS IOKit fuzzer. https:\/\/github.com\/Haifisch\/kuzz"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134103"},{"key":"e_1_3_2_1_23_1","unstructured":"Apple Inc. 2020. Apple unleashes M1. https:\/\/www.apple.com\/newsroom\/2020\/11\/apple-unleashes-m1."},{"volume-title":"Operation Triangulation: The last (hardware) mystery. https:\/\/securelist.com\/operation-triangulation-the-last-hardware-mystery\/111669\/.","year":"2023","key":"e_1_3_2_1_24_1","unstructured":"Kaspersky. 2023. Operation Triangulation: The last (hardware) mystery. https:\/\/securelist.com\/operation-triangulation-the-last-hardware-mystery\/111669\/."},{"key":"e_1_3_2_1_25_1","unstructured":"Moony Li and Jack Tang. 2016. Fuzzing and Exploiting OSX Vulnerabilities for Fun and Profit. In (PacSec). https:\/\/papers.put.as\/papers\/macosx\/2016\/PSJ2016_MoonyLi_pacsec-1.8.pdf"},{"key":"e_1_3_2_1_26_1","volume-title":"Hack In The Box Security Conference (HITB).","author":"Lin Juwei","year":"2019","unstructured":"Juwei Lin and Junzhi Lu. 2019. PanicXNU 3.0. In Hack In The Box Security Conference (HITB)."},{"key":"e_1_3_2_1_27_1","unstructured":"Juwei Lin Lilang Wu and Moony Li. 2018. Drill the Apple Core: Fuzz Apple Core Component in Kernel and User Mode for Fun and Profit. In (Blackhat EUROPE). https:\/\/i.blackhat.com\/eu-18\/Wed-Dec-5\/eu-18-Juwei_Lin-Drill-The-Apple-Core.pdf"},{"key":"e_1_3_2_1_28_1","unstructured":"Asahi Lina. 2023. agx-exploit. https:\/\/github.com\/asahilina\/agx-exploit."},{"key":"e_1_3_2_1_29_1","volume-title":"Syzkaller: An unsupervised coverage-guided kernel fuzzer. https:\/\/github.com\/google\/syzkaller","author":"Google","year":"2022","unstructured":"Google LLC. 2022. Syzkaller: An unsupervised coverage-guided kernel fuzzer. https:\/\/github.com\/google\/syzkaller"},{"key":"e_1_3_2_1_30_1","unstructured":"Lei Long and Peng Xiao. 2015. Optimized Fuzzing IOKit in iOS. In (Blackhat USA)."},{"key":"e_1_3_2_1_31_1","unstructured":"ARM LTD. 2024. CoreSight Architecture. https:\/\/developer.arm.com\/Architectures\/CoreSight%20Architecture."},{"key":"e_1_3_2_1_32_1","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Pan Jianfeng","year":"2017","unstructured":"Jianfeng Pan, Guanglu Yan, and Xiaocao Fan. 2017. Digtool: A virtualization-based framework for detecting kernel vulnerabilities. In 26th USENIX Security Symposium (USENIX Security 17). 149--165."},{"key":"e_1_3_2_1_33_1","unstructured":"Zhenpeng Pan. 2022. The Journey To Hybrid Apple Driver Fuzzing. In (Power of Community). https:\/\/powerofcommunity.net\/poc2022\/ZhenpengPan.pdf"},{"key":"e_1_3_2_1_34_1","volume-title":"GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation. In 32nd USENIX Security Symposium (USENIX Security 23)","author":"Peng Hui","year":"2023","unstructured":"Hui Peng, Zhihao Yao, Ardalan Amiri Sani, Dave Jing Tian, and Mathias Payer. 2023. GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation. In 32nd USENIX Security Symposium (USENIX Security 23). 1883--1899."},{"key":"e_1_3_2_1_35_1","unstructured":"Jonathan Salwan. 2015. Triton: a dynamic binary analysis library. https:\/\/github.com\/JonathanSalwan\/Triton."},{"key":"e_1_3_2_1_36_1","unstructured":"Sven Peter. 2021. Apple Silicon Hardware Secrets: SPRR and Guarded Exception Levels (GXF). https:\/\/blog.svenpeter.dev\/posts\/m1_sprr_gxf\/."},{"key":"e_1_3_2_1_37_1","volume-title":"HW: SPRR and GXF. https:\/\/github.com\/AsahiLinux\/docs\/wiki\/HW:-SPRR-and-GXF\/.","author":"Peter Sven","year":"2021","unstructured":"Sven Peter. 2021. HW: SPRR and GXF. https:\/\/github.com\/AsahiLinux\/docs\/wiki\/HW:-SPRR-and-GXF\/."},{"key":"e_1_3_2_1_38_1","unstructured":"UTM. 2024. UTM is a full featured system emulator and virtual machine host for iOS and macOS. https:\/\/github.com\/utmapp\/U\u2122."},{"key":"e_1_3_2_1_39_1","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Wang Xingkai","year":"2024","unstructured":"Xingkai Wang, Wenbo Shen, Yujie Bu, Jinmeng Zhou, and Yajin Zhou. 2024. DMAAUTH: A Lightweight Pointer Integrity-based Secure Architecture to Defeat DMA Attacks. In 33rd USENIX Security Symposium (USENIX Security 24). USENIX Association, Philadelphia, PA, 1081--1098. https:\/\/www.usenix.org\/conference\/usenixsecurity24\/presentation\/wang-xingkai"},{"key":"e_1_3_2_1_40_1","unstructured":"Yu Wang. 2018. Attacking the macOS Kernel Graphics Driver. In Attacking the macOS Kernel Graphics Driver. https:\/\/media.defcon.org\/DEF%20CON%2026\/DEF%20CON%2026%20presentations\/DEFCON-26-Yu-Wang-Attacking-The-MacOS-Kernel-Graphics-Driver-Updated.pdf"},{"key":"e_1_3_2_1_41_1","volume-title":"Kemon: An Open Source Pre and Post Callback-based Framework for macOS Kernel Monitoring. https:\/\/github.com\/didi\/kemon?tab=readme-ov-file.","author":"Wang Yu","year":"2018","unstructured":"Yu Wang. 2018. Kemon: An Open Source Pre and Post Callback-based Framework for macOS Kernel Monitoring. https:\/\/github.com\/didi\/kemon?tab=readme-ov-file."},{"key":"e_1_3_2_1_42_1","unstructured":"Lilang Wu and Moony Li. 2019. LLDBFuzzer: Debugging and Fuzzing the Apple Kernel. https:\/\/www.trendmicro.com\/en_us\/research\/19\/h\/lldbfuzzer-debugging-and-fuzzing-the-apple-kernel-with-lldb-script.html"},{"key":"e_1_3_2_1_43_1","unstructured":"Chen Xiaobo and Xu Hao. 2012. Find Your Own iOS Kernel Bug. In (Power of Community). https:\/\/papers.put.as\/papers\/ios\/2012\/Xu-Hao-Xiabo-Chen-Find-Your-Own-iOS-Kernel-Bug.pdf"},{"key":"e_1_3_2_1_44_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Yin Tingting","year":"2023","unstructured":"Tingting Yin, Zicong Gao, Zhenghang Xiao, Zheyu Ma, Min Zheng, and Chao Zhang. 2023. KextFuzz: Fuzzing macOS Kernel EXTensions on Apple Silicon via Exploiting Mitigations. In 32nd USENIX Security Symposium (USENIX Security 23). 5039--5054."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3575693.3575735"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Salt Lake City UT USA","acronym":"CCS '24"},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690376","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3690376","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:16:45Z","timestamp":1755843405000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690376"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":45,"alternative-id":["10.1145\/3658644.3690376","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3690376","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}