Google will reveal macOS security vulnerability before there is a patch




Google's Project Zero found a serious vulnerability in the macOS XNU kernel and published the details before Apple had a patch ready. Google notified Apple of the vulnerability in November last year.

By default, Google Project Zero allows a period of ninety days after reporting a vulnerability to a developer, after which it publishes the details. Apple is working on a fix, but it is not known when it will be released.

The vulnerability concerns the copy-on-write (COW) behavior of XNU. “It is important that copied memory is protected from later modifications to the source process,” write the Google Project Zero researchers. Apple’s implementation did not ensure this.

“This means that if an attacker can mutate an on-disk file without informing the virtual management system, this is a security problem,” said Project Zero. On macOS, this occurs when mounting filesystem images: changes to the file system are not passed on to the mounted file system, which can be abused. The researchers have released a proof of concept.
