Spiteful Fruit: How an 8-Byte Kernel Heap OOB Write Poisons AppleRAID and Opens the Door to macOS Kernel Code Execution + Video

Introduction:

A single attacker-controlled 8-byte out-of-bounds write. No privileges required. Just a crafted disk image and a kernel panic waiting to happen. That is the reality of CVE-2026-XXXX (pending), a vulnerability in Apple’s `AppleRAID` kernel extension discovered by Alexandre Borges. Dubbed “Spiteful Fruit,” this flaw allows an unprivileged process to write a live kernel pointer into an arbitrary heap location, turning a simple disk attachment into a reliable denial-of-service—and potentially, full kernel code execution. In an era where memory corruption in the kernel is increasingly rare thanks to mitigations like TXM and PAC, this vulnerability stands out for its shocking simplicity and the fact that it was found not by a team of zero-day hunters, but by an LLM (Claude Opus 4.8). This article dissects the root cause, explores the exploitation path, and provides actionable steps for security professionals to understand, test, and defend against such flaws.

Learning Objectives:

  • Understand the root cause of the AppleRAID heap out-of-bounds write and why traditional bounds checking failed.
  • Learn how to reproduce the crash in a lab environment using a crafted disk image.
  • Explore the exploitation chain from OOB write to type confusion and potential kernel code execution.
  • Identify the mitigations that make exploitation harder (TXM, PAC, KASLR) and how this vulnerability bypasses some of them.
  • Gain practical skills in kernel debugging, heap spraying, and IOKit vulnerability analysis on macOS.

You Should Know:

1. The Anatomy of the AppleRAID Heap OOB Write

The `com.apple.driver.AppleRAID` kernel extension is responsible for managing Apple software RAID sets. When a disk image is attached, the driver reads on-disk metadata to assemble the RAID set. The vulnerable function is AppleRAIDSet::addMember, which stores a pointer to each member object in a heap-allocated array called members.

Here is the critical flaw: the index used to store the member pointer is taken directly from the on-disk header (`AppleRAID-MemberIndex`) with no bounds check against the array length. The array is allocated as `IOMallocTypeVarImpl(8 * memberCount)` in `resizeSet`. An attacker can craft a disk image with a large `memberIndex` value, causing the driver to write an 8-byte live kernel pointer (`AppleRAIDMember`) to `members_base + 8 * attacker_index`, far outside the allocated heap buffer.

The assembly at `0xfffffe00098bc290` reveals the dangerous logic:

LDR X11, [SP,var_58]   ; X11 = memberIndex (from on-disk)
LDR X9, [X20,0x168]    ; X9 = members base pointer
LSL X10, X11, 3        ; X10 = 8 * memberIndex
CMP X10, W10, SXTW     ; ONLY checks signed-32 overflow, NOT bounds!
ADD X8, X9, W10, SXTW  ; X8 = members_base + 8 * memberIndex (OOB target)
STR X19, [X8]          ; OOB WRITE: members[memberIndex] = live pointer
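To make concrete the gap between the check the disassembly performs and the check that was missing, here is an added C model; it is not AppleRAID's code and not from the article's author. It treats `members` as a heap block of `member_count` 8-byte slots, and because the branch after the `CMP` is not shown, it assumes the original path continues whenever `X10` equals its own sign-extended low 32 bits. The index values are constructed, and `hardened_demo` is a hypothetical helper that exists only for this model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the driver's set object. `members` models the
 * IOMallocTypeVarImpl(8 * memberCount) block, `member_count` its slot count. */
typedef struct {
    void   **members;
    uint32_t member_count;
} raid_set_model_t;

/* What the disassembly checks: X10 = idx << 3, then CMP X10, W10, SXTW.
 * Assumption (the branch after the CMP is not shown): the write proceeds when
 * the 64-bit product equals its own sign-extended low 32 bits, i.e. whenever
 * 8 * idx fits in a signed 32-bit value. member_count is never consulted. */
bool original_check_passes(uint64_t member_index)
{
    uint64_t x10  = member_index << 3;
    int64_t  sxtw = (int64_t)(int32_t)(uint32_t)x10;   /* W10, SXTW */
    return x10 == (uint64_t)sxtw;
}

/* Byte offset from members_base that ADD X8, X9, W10, SXTW would form. */
int64_t original_write_offset(uint64_t member_index)
{
    return (int64_t)(int32_t)(uint32_t)(member_index << 3);
}

/* The check that was missing: the index must name an allocated slot. */
bool index_in_bounds(const raid_set_model_t *set, uint64_t member_index)
{
    return member_index < set->member_count;
}

/* Hardened add_member: out-of-range indices are rejected and nothing is written. */
bool add_member_checked(raid_set_model_t *set, uint64_t member_index, void *member)
{
    if (!index_in_bounds(set, member_index))
        return false;
    set->members[member_index] = member;
    return true;
}

raid_set_model_t *raid_set_model_new(uint32_t member_count)
{
    raid_set_model_t *set = calloc(1, sizeof *set);
    if (set == NULL)
        return NULL;
    set->members = calloc(member_count, sizeof(void *));
    if (set->members == NULL) {
        free(set);
        return NULL;
    }
    set->member_count = member_count;
    return set;
}

void raid_set_model_free(raid_set_model_t *set)
{
    if (set == NULL)
        return;
    free(set->members);
    free(set);
}

/* Builds a set of `count` slots and tries one checked write at `member_index`.
 * Returns 1 if the write was accepted, 0 if rejected, -1 on allocation failure. */
int hardened_demo(uint32_t count, uint64_t member_index)
{
    static int placeholder_member;   /* stands in for an AppleRAIDMember object */
    raid_set_model_t *set = raid_set_model_new(count);
    if (set == NULL)
        return -1;
    int accepted = add_member_checked(set, member_index, &placeholder_member) ? 1 : 0;
    raid_set_model_free(set);
    return accepted;
}

int main(void)
{
    /* Constructed values: a two-slot set and an on-disk index far past it. */
    uint64_t idx = 0x00100000;
    printf("original check passes for index 0x%llx: %s (write offset %lld bytes)\n",
           (unsigned long long)idx, original_check_passes(idx) ? "yes" : "no",
           (long long)original_write_offset(idx));
    printf("hardened add_member on a 2-slot set: %s\n",
           hardened_demo(2, idx) == 1 ? "accepted" : "rejected");
    return 0;
}
```

The point the model makes is that the signed-32 comparison rejects only indices whose product with 8 does not fit in 32 bits; every index below that limit, however far past `member_count`, sails through, whereas `index_in_bounds` rejects anything at or beyond the slot count.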

Step-by-step guide to reproduce the panic (lab only):

  1. Create a crafted disk image using a hex editor or a Python script. The image must contain an `Apple_RAID` partition with an `AppleRAID-MemberIndex` property set to a value greater than the allocated member count (e.g., 0x41414141).
  2. Attach the disk image using `hdiutil attach -nomount /path/to/crafted.dmg`.
  3. Trigger the driver by attempting to mount or query the RAID set. The kernel will panic with a trap at the OOB write site.
  4. Capture the panic log using `sudo dmesg | grep -i panic` or by checking /Library/Logs/DiagnosticReports/Kernel.panic.

Linux/Windows command equivalent for forensic analysis: While this is a macOS-specific vulnerability, security analysts on other platforms can use the following to analyze disk images for similar metadata injection flaws:
– Linux: `xxd /path/to/disk.img | grep -i raid` – Hex dump and search for RAID signatures.
– Windows: Use `HxD` or `WinHex` to manually inspect disk images for embedded index values.
– Python (cross-platform): Use the `struct` module to parse and modify binary RAID headers.

2. From OOB Write to Kernel Code Execution

The OOB write itself writes a live kernel pointer (a vtable-bearing `AppleRAIDMember` object) to an attacker-controlled location. This is not a simple data corruption—it is a pointer write. The attacker controls both the index (and thus the target address) and the value (the pointer to a valid kernel object).

The path to code execution involves:

  1. Heap spraying to place attacker-controlled data at the target OOB write location. Since the write occurs into the kernel heap, the attacker must groom the heap so that the OOB write corrupts a sensitive structure (e.g., a vtable pointer, a function pointer, or a reference count).
  2. Type confusion – By overwriting a vtable pointer with the `AppleRAIDMember` vtable, the attacker can later trigger a virtual call that redirects execution to attacker-controlled code.

  3. Bypassing mitigations – Modern macOS kernels include:

  • TXM (Trusted Execution Memory) – prevents execution of writable memory.
  • PAC (Pointer Authentication Codes) – cryptographically signs pointers to prevent tampering.
  • KASLR – randomizes kernel base addresses.

However, the OOB write occurs before any PAC validation on the stored pointer, and the pointer is a legitimate kernel object, not a forged one. This means the attacker can leverage existing kernel code to achieve arbitrary read/write without needing to forge PAC signatures.

Step-by-step for exploitation research:

  1. Identify the heap allocation size – `8 * memberCount` – and determine the surrounding heap layout.
  2. Spray the kernel heap with objects of known size to place a target structure (e.g., a `task_t` or `proc_t`) at the OOB write destination.
  3. Trigger the OOB write to corrupt the target structure’s vtable or function pointer.
  4. Invoke the corrupted object (e.g., by calling a method on the RAID member) to gain control of the instruction pointer.
  5. Escalate privileges by overwriting the `uid` or `gid` of the current process, or by installing a kernel payload.

Kernel debugging commands (macOS):

– `sudo nvram boot-args="debug=0x144 kdp_match_name=appleraid"` – Enable kernel debugging.
– `sudo dmesg | grep -i appleraid` – Monitor driver activity.
– `lldb -k` – Attach the kernel debugger (requires two Macs or a VM).

3. Mitigations and Why They Failed

Apple’s security response stated that the issue was already addressed in a public beta prior to submission, rendering it ineligible for a CVE or bounty. This highlights a critical gap: beta testing is not a substitute for rigorous code review. The vulnerability persisted in shipping versions until the beta fix was released.

The root cause is a classic missing bounds check – a mistake that should have been caught by static analysis or fuzzing. The fact that an LLM (Claude Opus 4.8) discovered it underscores the potential of AI-assisted vulnerability research, but also the inadequacy of current automated testing in Apple’s development pipeline.

How to prevent similar flaws:

  • Always validate user-controlled indices against the allocated array length before dereferencing.
  • Use `__builtin_*_overflow` checks in C/C++ to catch arithmetic overflows.
  • Employ fuzzing with tools like `libFuzzer` or `syzkaller` on IOKit drivers.
  • Enable kernel sanitizers (e.g., KASAN) during testing to catch OOB accesses.
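The overflow-check and index-validation items above come together in the routine that sizes the array in the first place. The following C model is an added example, not AppleRAID's code and not from the article's author: it uses the GCC/Clang `__builtin_mul_overflow` and `__builtin_add_overflow` builtins to compute the `8 * memberCount` allocation that `resizeSet` performs, so that a header-supplied count can never wrap into an undersized buffer. `MODEL_MAX_MEMBERS` is a constructed cap, not a value taken from the driver, and the `_or_zero` helpers exist only for this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed ceiling for this model; a real driver would take it from the
 * on-disk format's maximum member count rather than trusting the header. */
#define MODEL_MAX_MEMBERS 64u

/* Size in bytes of an array of `member_count` pointer slots, computed with
 * __builtin_mul_overflow so a huge count cannot wrap into a small allocation.
 * Returns false on overflow; *out_bytes must not be used in that case. */
bool checked_slot_bytes(uint64_t member_count, size_t *out_bytes)
{
    /* The builtin evaluates the product exactly and reports whether it fits
     * in the type of *out_bytes, whatever the operand widths. */
    return !__builtin_mul_overflow(member_count, sizeof(void *), out_bytes);
}

/* Total bytes for a fixed header followed by the slot array; the addition is
 * checked too, because header + slots can wrap even when each part fits. */
bool checked_total_bytes(size_t header_bytes, uint64_t member_count, size_t *out_total)
{
    size_t slots;
    if (!checked_slot_bytes(member_count, &slots))
        return false;
    return !__builtin_add_overflow(header_bytes, slots, out_total);
}

/* Policy plus arithmetic: reject counts outside the format's range before
 * sizing, then allocate only a size that survived the overflow checks. */
void **alloc_members_checked(uint64_t member_count)
{
    size_t bytes;
    if (member_count == 0 || member_count > MODEL_MAX_MEMBERS)
        return NULL;
    if (!checked_slot_bytes(member_count, &bytes))
        return NULL;
    return calloc(1, bytes);
}

/* Helpers for callers that want a plain number: 0 signals overflow/rejection
 * (a real slot array is never 0 bytes, so 0 is unambiguous here). */
size_t slot_bytes_or_zero(uint64_t member_count)
{
    size_t bytes;
    return checked_slot_bytes(member_count, &bytes) ? bytes : 0;
}

size_t total_bytes_or_zero(size_t header_bytes, uint64_t member_count)
{
    size_t total;
    return checked_total_bytes(header_bytes, member_count, &total) ? total : 0;
}

/* Returns 1 if a count is accepted and allocated, 0 if it is rejected. */
int alloc_members_probe(uint64_t member_count)
{
    void **members = alloc_members_checked(member_count);
    if (members == NULL)
        return 0;
    free(members);
    return 1;
}

int main(void)
{
    /* Constructed counts: a sane one and one chosen so that count * 8 wraps. */
    printf("2 members -> %zu bytes\n", slot_bytes_or_zero(2));
    printf("SIZE_MAX/4 members -> %s\n",
           slot_bytes_or_zero(SIZE_MAX / 4) == 0 ? "overflow, rejected" : "accepted");
    printf("allocate 4 members: %s\n", alloc_members_probe(4) ? "accepted" : "rejected");
    printf("allocate %u members: %s\n", MODEL_MAX_MEMBERS + 1,
           alloc_members_probe(MODEL_MAX_MEMBERS + 1) ? "accepted" : "rejected");
    return 0;
}
```

Two things to notice: the range check runs before any arithmetic, so the overflow builtins are the backstop rather than the primary defence, and the builtins report a wrapped result instead of silently producing one, which is exactly the failure mode an unchecked `8 * memberCount` invites.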

Command to check for similar vulnerabilities (Linux):

# Search for array indexing by a variable (candidate unchecked indices) in kernel code
grep -rnE '\[[[:space:]]*[A-Za-z_][A-Za-z0-9_]*[[:space:]]*\]' --include='*.c' /path/to/kernel/source | grep -v 'sizeof'

Windows equivalent (PowerShell):

Get-ChildItem -Recurse -Filter *.c | Select-String -Pattern '\[\s*[A-Za-z_]\w*\s*\]' | Where-Object { $_.Line -notmatch 'sizeof' }

4. The Role of AI in Vulnerability Research

Alexandre Borges’ discovery is remarkable not only for the technical impact but for the method: he “threw Opus at the XNU kernel”. Claude Opus 4.8, an LLM, identified a heap OOB write that had eluded human researchers and traditional tooling. This marks a paradigm shift in vulnerability research.

AI-assisted code review can:

  • Analyze large codebases at scale, flagging patterns like unchecked array indices.
  • Generate proof-of-concept code to validate findings.
  • Suggest fixes based on secure coding guidelines.

However, AI is not a silver bullet. Opus 4.8 struggled with finding zero-days in general; this was a “lucky” find. The real value lies in augmenting human expertise, not replacing it.

Practical exercise: Use an LLM to review a snippet of kernel code for similar flaws. “Analyze this function for out-of-bounds writes where the index is derived from user-controlled input.”

5. Defensive Strategies for Security Teams

For organizations relying on macOS in their environment, this vulnerability (and others like it) poses a significant risk. While Apple has patched it in beta, the timeline between beta and general release leaves a window of exposure.

Recommendations:

  • Block untrusted disk images from being mounted. Use endpoint detection and response (EDR) to monitor for `hdiutil` or `diskutil` activity.
  • Enable System Integrity Protection (SIP) – while it does not prevent this specific OOB write, it limits the impact of post-exploitation.
  • Apply patches immediately once Apple releases the fix. Monitor Apple’s security updates closely.
  • Implement application allowlisting to prevent unprivileged processes from invoking disk arbitration APIs.

Command to monitor disk attachment (macOS):

sudo fs_usage -w -f filesys | grep -i attach

Windows equivalent (Sysinternals):

handle.exe -a \\.\PhysicalDrive

What Undercode Say:

  • Key Takeaway 1: The `AppleRAID` heap OOB write is a textbook example of how a single missing bounds check can compromise an entire operating system kernel. The attack surface of IOKit drivers remains a prime target for both researchers and malicious actors.

  • Key Takeaway 2: AI-assisted vulnerability discovery is no longer science fiction. Claude Opus 4.8 demonstrated that LLMs can, under the right conditions, identify complex memory corruption bugs that traditional tools miss. This will accelerate the pace of both defensive and offensive research.

Analysis:

The “Spiteful Fruit” vulnerability is a wake-up call for Apple and the broader security community. It exposes a fundamental weakness in the kernel’s IOKit subsystem, which has a history of similar flaws (e.g., CVE-2019-8605, CVE-2020-27932). The fact that it was found by an LLM rather than a human researcher suggests that automated tools are catching up to—and in some cases surpassing—manual code review. However, the response from Apple’s Security Engineering and Architecture (SEAR) team—denying CVE credit because the issue was already fixed in beta—raises ethical questions about disclosure and researcher recognition. Borges’ decision to publish the full details (albeit with a Patreon paywall for early access) reflects a growing trend of researchers bypassing traditional coordinated disclosure when they feel slighted. For defenders, the lesson is clear: rely on multiple layers of mitigation, assume that kernel drivers contain bugs, and prioritize patching above all else.

Prediction:

  • +1 The increasing use of AI in vulnerability research will lead to a surge in discovered flaws, forcing vendors to adopt more robust testing and faster patch cycles. This will ultimately make software more secure.
  • -1 The adversarial use of AI to find and weaponize vulnerabilities will outpace defensive capabilities, leading to a rise in zero-day exploits targeting kernel drivers like AppleRAID.
  • -1 Apple’s handling of this disclosure—denying CVE credit for a beta-fixed issue—will discourage independent researchers from reporting bugs, potentially driving more exploits into the gray market.
  • +1 The public release of this vulnerability (as an n-day in Fall 2026) will serve as an educational resource for the community, improving the overall skill level of macOS security professionals.
  • -1 Organizations that fail to patch promptly will be at elevated risk, as proof-of-concept exploits for this flaw will likely circulate widely once the n-day is released.

Reported By: Aleborges Cybersecurity – Hackers Feeds