HomeWinBuzzer NewsGoogle Project Zero Discloses High Severity MacOS Kernel Security Flaw

Google Project Zero Discloses High Severity MacOS Kernel Security Flaw

A flaw in MacOS' XNU kernel could let attackers rewrite data used by highly privileged programs and possibly execute code at that level.

-

has revealed a high severity flaw after failed to fix it within 90 days. The flaw is found in the XNU kernel and involves mounted file systems.

Researchers at found they were able to make changes to a mounted filesystem without the user or filesystem being aware. To do so, they made use of an issue with MacOS' copy-on-write protection.

For the unfamiliar, copy-on-write defines how a device manages memory. For efficiency reasons, some programs store data on a user's hard drive rather than keeping it in memory, called the pagefile in Windows.

Naturally, there have to be protections alongside this, and it seems Apple has overlooked mounted file systems. Fortunately, this flaw isn't an easy one to execute.

Patch Incoming

According to Wired, a victim would already need to be infected with malware for this to work. That malware would have to make use of an existing highly privileged program that writes data to the hard drive rather than memory.

It's likely Google has such a program in mind, and at the time of writing there's no fix for this flaw. However, Google reveals that Apple is working with its researchers to craft a patch.

“We've been in contact with Apple regarding this issue, and at this point no fix is available,” wrote a Google engineer last week. “Apple are intending to resolve this issue in a future release, and we're working together to assess the options for a patch. We'll update this issue tracker entry once we have more details.”

Previously, Google Project Zero has published a number of major flaws. It's found several high severity issues in Windows 10 and Microsoft Edge. Though some disagree with the early disclosures, others believe they're necessary to force companies to act.

SourceGoogle
Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News

Mastodon