Google's Project Zero has reported and publicly disclosed a “high severity” flaw in the macOS kernel which can grant an attacker access to a users computer without their knowledge. Security researchers discovered that if a modification is made to a user-owned mounted filesystem image, the virtual management system isn’t notified of those changes. This lets attacker access to perform malicious actions on that mounted filesystem without the end user ever knowing about it. Google said to have disclosed the flaw to Apple back in November 2018. However, since 90 days have since passed and the company has yet to issue a patch, the flaw has been publicly disclosed. Google has labeled the issue as “high severity,” meaning its impact could be fairly large. Apple has since acknowledged the issue and has started working with Google’s Project Zero on a fix. Apple intends to patch the issue in a future macOS release, but no timeline is available on that just yet. A detailed explanation of the bug: This copy-on-write behavior works not only with anonymous memory, but also with file mappings. This means that, after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory ...
Read Here»
Post a Comment Blogger Facebook
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. As the comments are written and submitted by visitors of The Sheen Blog, they in no way represent the opinion of The Sheen Blog. Let's work together to keep the conversation civil.