Google Project Zero Details macOS coreaudiod Exploit Chain

Executive Summary

Google Project Zero researcher Jann Horn published a detailed technical analysis of an exploit chain targeting macOS's coreaudiod system daemon, leveraging two vulnerabilities — a type confusion (CVE-2024-54529) and a double-free (CVE-2025-31235) — to achieve sandbox escape. The research, released January 2026 as part of a two-part series, demonstrates how knowledge-driven fuzzing can uncover deep-seated bugs in Apple's audio subsystem. Apple patched CVE-2024-54529 in macOS 14.5 (May 2024) and CVE-2025-31235 in macOS 15.2 (December 2025). No active exploitation has been publicly reported, but the exploit chain is fully weaponized and could be adapted by threat actors targeting macOS environments.

Technical Analysis

The vulnerabilities reside in coreaudiod, the macOS daemon responsible for audio processing and routing. CVE-2024-54529 is a type confusion bug in the handling of audio stream formats. When a client sends a specially crafted audio format descriptor, the daemon misinterprets the object type, leading to an out-of-bounds read that can be escalated to arbitrary code execution within the daemon's process context.

CVE-2025-31235 is a double-free vulnerability in the memory management of audio buffer queues. Under specific timing conditions, the daemon frees a buffer twice while a concurrent thread still holds a reference, corrupting the heap. Horn's exploit chains the two bugs: the type confusion provides an initial arbitrary read/write primitive within coreaudiod, and the double-free is used to gain full control of the daemon's execution flow.

Because coreaudiod runs as the _coreaudiod user with access to system audio hardware and IPC mechanisms, a compromised daemon can interact with other privileged services. Horn demonstrated that from this foothold, an attacker can escape the sandbox by hijacking XPC connections or abusing Mach port rights, ultimately achieving code execution as the root user.

The exploit does not require user interaction beyond launching a malicious application or visiting a compromised website that triggers audio processing. The attack surface is broad: any application that uses Core Audio APIs — including web browsers, media players, and VoIP clients — can be a vector.

Mitigations & Recommendations

Apple has addressed both CVEs in security updates. Defenders should verify that all macOS systems are running at least macOS 14.5 (for CVE-2024-54529) and macOS 15.2 (for CVE-2025-31235). Organizations with macOS fleets should prioritize these updates, especially on devices used for sensitive communications or audio processing.

For environments where patching is delayed, monitoring for anomalous coreaudiod behavior — such as unexpected child processes, unusual network connections from the daemon, or crashes in audio services — can indicate exploitation attempts. Application sandboxing and endpoint detection rules that flag coreaudiod memory access violations may also provide early warning.