We are excited to announce that our latest research, "CrossFire: Fuzzing macOS Cross-XPU Memory on Apple Silicon," a joint collaboration between Zhejiang University, Zhongguancun Laboratory, and CyberServal, has been accepted at the 31st ACM Conference on Computer and Communications Security (ACM CCS 2024).

Security Challenges in XPU Architectures

Modern computing architectures increasingly rely on specialized XPUs—such as Graphics Processing Units (GPUs), Display Co-processors, Neural Processing Units (NPUs), and Secure Enclave Processors—to handle domain-specific workloads. However, from a security standpoint, these architectures pose unique risks:

• XPU security maturity significantly lags behind CPU security, leaving critical attack surfaces unprotected.
• Traditional security mechanisms struggle to monitor and defend XPUs, making them highly attractive targets for Advanced Persistent Threats (APTs).
• Past vulnerabilities, such as CVE-2021-30983, CVE-2022-32894, and CVE-2023-27930, have already demonstrated how adversaries can exploit these weaknesses.

One of the most critical security concerns stems from Apple Silicon's Unified Memory Architecture (UMA). Designed to optimize memory access across CPUs and XPUs, UMA leverages cross-XPU shared memory regions to enhance performance. However, this optimization also introduces a novel bidirectional attack surface, significantly expanding the threat landscape.

Introducing CrossFire: A Novel Approach to XPU Security Assessment

To systematically evaluate these risks, we developed CrossFire, a purpose-built fuzzing framework based on the m1n1 virtualization architecture. CrossFire introduces two major technical innovations:

• Precise detection of cross-XPU shared memory regions
• Enhanced fuzzing constraints through kernel execution tracing

By leveraging these techniques, CrossFire can systematically identify vulnerable memory regions and refine fuzzing payloads for greater effectiveness. In initial testing, CrossFire uncovered 15 zero-day vulnerabilities, 8 of which have been confirmed by Apple.

CyberServal’s Track Record in Cutting-Edge Security Research

CyberServal is proud to contribute to the advancement of cybersecurity at ACM CCS 2024, reaffirming our technical leadership in vulnerability research, data security, and cutting-edge threat analysis.

In addition, CyberServal’s research team has been invited to present at Black Hat conferences 10 times, marking a significant milestone in our contribution to global cybersecurity advancements. We have also been featured at DEF CON, ACM, USENIX, and other leading security conferences, showcasing our expertise in vulnerability research and innovative security methodologies.

About ACM CCS

The ACM Conference on Computer and Communications Security (ACM CCS) is one of the top four international cybersecurity conferences, alongside IEEE S&P, USENIX Security, and NDSS. Recognized as an A-tier conference by the China Computer Federation (CCF), ACM CCS has a long-standing reputation for publishing pioneering research in cybersecurity and privacy.

With an acceptance rate of approximately 18% over the past decade, ACM CCS represents the cutting edge of system and network security research. Papers accepted at this venue shape the future of security technologies and threat mitigation strategies worldwide.