Google security team reports macOS file system high-risk vulnerability


Google Security Research Team, Project Zero, today discovered and reported a high-risk vulnerability in macOS’s file kernel system. This vulnerability allows a malicious person to modify a file system image installed by a user. This modification will not be noticed by the user due to the management of the virtual subsystem.

The vulnerability exploits XNU’s copy-on-write (COW) behavior to write data between processes. This copy-on-write behavior applies not only to anonymous memory but also to file mirroring. Project Zero explained that this means that after the target process has read into the memory area, the memory can be reloaded in the backing file system even if the cache is released.

Gizchina News of the week


Project Zero discovered the vulnerability in November 2018 and informed Apple of its existence and subsequently published it under an automated 90-day disclosure policy. Team researcher Ben Hawkes pointed out that they are currently jointly evaluating options for patches, and Apple intends to address this issue in a future release.

This is not the first time Project Zero has pointed out a vulnerability in Apple software. In February of this year, it was reported that Apple patched two vulnerabilities discovered by the team on iOS. These two vulnerabilities have been used to crack iOS devices. Apple is currently developing a corresponding security update, but since Google has disclosed the vulnerability details in advance, macOS users need to pay special attention to the security of accessing websites and downloading files.

Disclaimer: We may be compensated by some of the companies whose products we talk about, but our articles and reviews are always our honest opinions. For more details, you can check out our editorial guidelines and learn about how we use affiliate links.

Source/VIA :
Read Also:  Stay Secure: Discover Android's New Theft Prevention Tools
Previous Three more Huawei models get EMUI 9.0 update
Next Huang Zhang: There was no plans to mass produce Meizu Zero