History of Null Pointer Dereferences on macOS

Finding a crash while fuzzing is just the beginning of Vulnerability Research. After finding a crash, Exploit Development is often a long journey. Not every bug is exploitable, and my previous article (Case Study: Analyzing macOS IONVMeFamily Driver Denial of Service Issue) is great proof of that. Sometimes, I am sure that something can be exploited, but then I face a wall of mitigations implemented by the OS. During my recent fuzzing session, I discovered a bug that, after some readings, trial and error, and reverse engineering, was determined to be unexploitable due to various mitigations implemented in macOS over the years. One of these mitigations specifically addresses NULL pointer dereferences. I have come across numerous valuable resources on this subject, but locating them took considerable time. Therefore, I decided to write an overview article summarizing the key points and include links to these references for others seeking answers to a specific question: Why NULL Pointe ... Read full article.