Google discloses macOS security flaw before patch is released


Google’s Project Zero has found a serious flaw in macOS’s XNU kernel and disclosed the details before Apple has released a patch. Google notified Apple about the vulnerability in November last year.

By default, Google Project Zero gives a developer 90 days after reporting a vulnerability, after which it proceeds to publication. Apple is working on a fix, but it is not known when it will be released.

The vulnerability concerns the copy-on-write (COW) behavior of XNU. “It is important that copied memory is protected from later modifications by the source process,” write the Google Project Zero researchers. Apple’s implementation turned out to be incorrect.

“This means that if an attacker can mutate an on-disk file without informing the virtual management system, it’s a security issue,” Project Zero said. On macOS, this can happen with mounted filesystem images: changes made to the image are not propagated to the mounted filesystem, which can be abused. The researchers have released a proof-of-concept.
