Google Project Zero Exposes Severe macOS XNU Kernel Flaw After Apple Inaction

Apple reportedly working on a fix already

A security researcher from Google's Project Zero has identified a "high severity" security flaw in XNU, the macOS kernel, that allows copy-on-write (COW) behaviour in some cases (via Neowin).

Through its Project Zero team, Google has appointed itself a vanguard of software security and accountability.

"This copy-on-write behavior works not only with anonymous memory, but also with file mappings", Google's security researchers explained.

Apple's desktop software has gotten significantly more reliable since the release of macOS Mojave last fall, but major flaws continue to slip through the cracks. From time to time, these warnings go unheard until the flaw is made public. In short, if a user-owned mounted filesystem image is modified, the virtual management subsystem isn't kept in the loop. According to a report from Neowin, that particular team discovered a "high severity" flaw in the macOS kernel in November of the previous year.

If an attacker, therefore, is able to tamper with an on-disk file without the virtual management subsystem being alerted, this is a severe security issue which needs to be tackled. MacOS permits normal users to mount filesystem images.

Google's Project Zero sticks to a stringent 90-day deadline for vulnerabilities. "When a mounted filesystem image is mutated directly (e.g. by calling pwrite() on the filesystem image), this information is not propagated into the mounted filesystem".
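The quoted point that copy-on-write applies to file mappings as well as anonymous memory can be observed with an ordinary POSIX `MAP_PRIVATE` mapping. The block below is an added example, not code from Project Zero or Apple, and it does not use XNU's interfaces or a mounted image; the function name, flag names and scratch path are assumptions. It shows that a page written through the mapping keeps its own copy, while an unwritten page still follows the backing file (commonly observed, for example on Linux; POSIX leaves this unspecified), which is why the integrity of the backing store matters to anyone relying on such memory.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Result bits returned by cow_file_mapping_demo(). */
#define TOUCHED_PAGE_KEPT_COPY   1 /* written page is detached from the file */
#define UNTOUCHED_PAGE_SAW_WRITE 2 /* unwritten page still follows the file  */

/* Fill one page of fd at offset off with byte c; returns 0 on success. */
static int fill_page(int fd, char *buf, long ps, long off, char c)
{
    memset(buf, c, (size_t)ps);
    return pwrite(fd, buf, (size_t)ps, (off_t)off) == (ssize_t)ps ? 0 : -1;
}

/* Map a constructed scratch file MAP_PRIVATE, write page 0 through the
 * mapping, then change both pages of the file with pwrite().
 * Returns a bitmask of the flags above, or -1 on error. */
int cow_file_mapping_demo(void)
{
    char path[] = "/tmp/cow_demo_XXXXXX"; /* constructed scratch file */
    long ps = sysconf(_SC_PAGESIZE);
    int fd = mkstemp(path), result = -1;
    char *buf = malloc((size_t)ps), *m = MAP_FAILED;
    if (fd < 0 || !buf) goto out;
    unlink(path);
    if (fill_page(fd, buf, ps, 0, 'A') || fill_page(fd, buf, ps, ps, 'A'))
        goto out;
    m = mmap(NULL, (size_t)(2 * ps), PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (m == MAP_FAILED) goto out;

    m[0] = 'P'; /* write fault: page 0 becomes a private copy; page 1 stays file-backed */
    if (fill_page(fd, buf, ps, 0, 'B') || fill_page(fd, buf, ps, ps, 'B'))
        goto out;
    result = 0;
    if (m[0] == 'P' && m[1] == 'A') result |= TOUCHED_PAGE_KEPT_COPY;
    if (m[ps] == 'B')               result |= UNTOUCHED_PAGE_SAW_WRITE;
out:
    if (m != MAP_FAILED) munmap(m, (size_t)(2 * ps));
    if (fd >= 0) close(fd);
    free(buf);
    return result;
}

int main(void) { printf("result bits: %d\n", cow_file_mapping_demo()); return 0; }
```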

It's often claimed that Apple Inc. products are safe from hacking, but even though that has been proven to be false time and time again, a new vulnerability has emerged that suggests threats have graduated from a soldier with a gun to a B-52 dropping a large bomb.

Apple is working on a fix for the problem, but Mac users will remain vulnerable until a solution is implemented.

"We've been in contact with Apple regarding this issue, and at this point no fix is available", the researchers say.

"Apple are intending to resolve this issue in a future release, and we're working together to assess the options for a patch", a comment on the bug reads.
