Dirty Bin Cache: A New Code Injection Poisoning Binary Translation Cache
In recent years, Arm processors have become popular in laptops, not just in embedded devices. For example, Apple announced the Mac transition from Intel to Arm-based Apple Silicon in 2020, which made a big splash. Apple Silicon Macs include Rosetta 2, which enables the execution of Intel-based apps by translating x64 code into Arm64 code. Several researchers have studied Rosetta 2 from a performance perspective. However, to the best of our knowledge, there is no research on Rosetta 2 from a security perspective. In this talk, we present a new code injection vulnerability in Rosetta 2. Rosetta 2 stores binary translation results as Ahead-Of-Time (AOT) files, which are cached and reused for the next application

By: Koh Nakagawa