I spent a considerable amount of time in 2022 trying to understand the XNU virtual memory subsystem. I definitely still don't understand it, but I did find some fun bugs along the way :) In this talk I'll discuss the story of those bugs, try to explain the bits of the virtual memory subsystem I now sort-of understand and show how you could use these vulns to do fun stuff.