macOS flaw disclosed by Project Zero


Google Project Zero researchers disclosed a new macOS flaw and released a proof-of-concept for the attack after Apple failed to patch it by the 90-day disclosure deadline. The flaw gives a hacker privileges to perform malicious actions on a mounted filesystem. The vulnerability was first reported Nov. 30 by Google Project Zero researcher Ian Beer.

The vulnerability exists in the copy-on-write (COW) mechanism in Apple's XNU kernel. XNU is the operating system kernel of macOS. According to Apple's official GitHub page, XNU is a hybrid kernel that combines the Mach kernel developed at Carnegie Mellon University with FreeBSD and C++ components for the drivers. COW is a way to manage resources used in the virtual memory of operating systems. It allows copies of data to be created between processes, for both anonymous memory and file mappings. It is important that the copied memory is protected against later modifications by the source process. Otherwise, the source process might be able to exploit double-reads in the destination process.
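The guarantee described above can be observed on any POSIX system. The following is an added example, not Project Zero's proof-of-concept and not code from the original article: a destination process reads a length field twice while a source process rewrites it in between, once over a shared mapping and once over a private (copy-on-write) mapping. The helper name `double_read` and the values 16 and 4096 are constructed for illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* The parent (destination) reads a length field twice; the child (source)
 * rewrites it in between. map_flags is MAP_SHARED or MAP_PRIVATE (COW).
 * Hypothetical helper for this example; returns 0 on success. */
int double_read(int map_flags, unsigned *first, unsigned *second)
{
    int go[2], ok;
    char token = 0;
    volatile unsigned *len = mmap(NULL, sizeof *len, PROT_READ | PROT_WRITE,
                                  map_flags | MAP_ANONYMOUS, -1, 0);
    if (len == MAP_FAILED)
        return -1;
    *len = 16;                          /* constructed value: passes a check */
    if (pipe(go) != 0) {
        munmap((void *)len, sizeof *len);
        return -1;
    }
    pid_t pid = fork();
    if (pid == 0) {                     /* source process */
        close(go[1]);
        if (read(go[0], &token, 1) == 1)
            *len = 4096;                /* later modification by the source */
        _exit(0);
    }
    close(go[0]);
    *first = *len;                      /* read 1: what a bounds check sees */
    ok = pid > 0 && write(go[1], &token, 1) == 1;
    close(go[1]);
    if (pid > 0)
        waitpid(pid, NULL, 0);          /* the child's write is now complete */
    *second = *len;                     /* read 2: what the copy would use */
    munmap((void *)len, sizeof *len);
    return ok ? 0 : -1;
}

int main(void)
{
    unsigned a, b;
    if (double_read(MAP_SHARED, &a, &b) == 0)
        printf("MAP_SHARED : check=%u use=%u\n", a, b);
    if (double_read(MAP_PRIVATE, &a, &b) == 0)
        printf("MAP_PRIVATE: check=%u use=%u\n", a, b);
    return 0;
}
```

With the shared mapping the two reads disagree, which is the double-read condition; with the copy-on-write mapping the destination's view stays at the value it validated. A destination that must accept shared memory avoids the inconsistent pair by reading the field once into a local variable and using only that copy.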


The team at Google discovered that they were able to modify a user-owned mounted filesystem image without COW informing the virtual management subsystem of the change. Being able to mutate an on-disk file without informing the virtual management subsystem is a severe security bug, and it could allow a hacker to launch several macOS attacks.

This vulnerability looks pretty bad, but because of its complexity, the risks for the average user are unclear. Apple has had a number of major bugs pop up in the last few years, such as a 2017 macOS High Sierra bug that allowed users to take over other accounts and gain administrative privileges merely by typing “root” into username fields. Another bug potentially allowed for the extraction of passwords in plaintext. More recently, a bug in FaceTime allowed anyone to eavesdrop on other FaceTime users. Currently, there is no patch for the COW flaw.