Dead Pixel Detected: A Security Assessment of Apple's Graphics Subsystem
Black Hat USA 2025 · Day 1 · Briefings
Yu Wang's systematic audit of Apple's graphics subsystem uncovered kernel vulnerabilities across every layer of the stack — from legacy Intel and AMD GPU plug-in extensions to Apple Silicon's AGX GPU module, the high-profile IOMobileFrameBuffer component, and the Display Coprocessor (DCP) firmware. Multiple CVEs were issued, several bugs were initially misclassified by Apple as denial-of-service rather than exploitable memory corruption, and at least one vulnerability affecting the latest iOS and macOS releases remains unpatched as of the talk's delivery. ---
AI review
A systematic four-layer audit of Apple's graphics stack that finds real bugs at every level, including a DCP firmware vulnerability in the latest iOS and macOS that's still unpatched. The Apple severity-misdescription problem is a legitimate service to the community. This is good vulnerability research doing what vulnerability research should do.