Home Products Firmwares Tutorials News Forum
3uTools for Windows/macOS
Windows macOS Detail
3uTools for iOS
Download Detail
NEWS
Google Reveals a "High Severity" Flaw in macOS Kernel
1919
2019-03-05
Posted by 3uTools

Google's Project Zero team is well-known for its knack of finding security flaws in the company's own products as well as those manufactured by other firms. Its members locate flaws in software, privately report them to the manufacturers, and give them 90 days to resolve the problem before publicly disclosing it.


Last year, the team revealed vulnerabilities in Windows 10 S and Microsoft Edge. Now, it has exposed a "high severity" flaw in macOS' kernel.


Google Reveals a


A security researcher from Google's Project Zero has discovered that even though macOS' kernel, XNU, allows copy-on-write (COW) behaviour in some cases, it is essential that any copied memory is not available for modifications from the source process. While COW is a resource-management technique that is not inherently flawed, it appears that Apple's implementation of it certainly is.


Project Zero has found out that if a user-owned mounted filesystem image is modified, the virtual management subsystem is not informed of the changes, which means that an attacker can potentially take malicious actions without the mounted filesystem knowing about it. The detailed explanation can be found below:

Google Reveals a

This copy-on-write behavior works not only with anonymous memory, but also with file mappings. This means that, after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem.


This means that if an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug. MacOS permits normal users to mount filesystem images. When a mounted filesystem image is mutated directly (e.g. by calling pwrite() on the filesystem image), this information is not propagated into the mounted filesystem.


The researcher informed Apple about the flaw back in November 2018, but the company is yet to fix it even after exceeding the 90-day deadline, which is why the bug is now being made public with a "high severity" label. That said, Apple has accepted the problem and is working with Project Zero on a patch for a future macOS release. You can also view the proof-of-concept code that demonstrates the problem on the dedicated webpage here.

 

Source: neowin

Related Articles
macOS High Sierra 10.13.2 Beta 4 Now Available Alibaba Pandora Lab Jailbreaks iOS 11.2 Successfully Apple Releases macOS Catalina With Find My, Screen Time, and No More iTunes Rumor: Apple Blocks Activation on iOS 9.0-9.3.5 Firmware iCloud Bypass Bug Discovered in iOS 11 Apple Still Signing iOS 11.3 Beta 5/6, Downgrade to It to Jailbreak Your iPhone iOS 10.3 Jailbreak / iOS 10.3.1 Jailbreak How to Download Apple’s Official iOS IPSW with One Simple Step?
Connect with us
About Us Legal Statement Disclaimer
© 2010 - 2023 3uTools. All Rights Reserved.
3uTools can manage files, download apps / wallpapers / ringtones, flash, jailbreak
An All-in-one Tool for iOS Devices