Google’s Project Zero group has uncovered a “high severity” macOS kernel flaw that enables an attacker to change a user-owned mounted filesystem without the permission of the macOS memory manager. Although Apple was informed of the flaw in November of the previous year, it failed to release a fix, leaving macOS users exposed to possible malicious misuse. Project Zero has a strict 90-day disclosure policy: if a vendor has not released a fix within 90 days of being informed by Google, the group publicly discloses the security flaw. The group does offer some extra time when required, but that has not happened in this case.
The team found the flaw in the copy-on-write (COW) protection of macOS. COW deals with the computer’s memory and ensures that a process doesn’t change information shared by different processes. The team found that when a mounted filesystem image is manipulated directly, macOS doesn’t convey this to its memory manager. The main security threat, then, is that an attacker can alter a file without the system noticing. Wired notes that the flaw would be very difficult to exploit, and that doing so requires malware to already be present on the victim’s system.
This news would not otherwise have been revealed, but the breach of the Project’s rules brought the threat into public view. Apple said that it is still working on the flaw and has not yet settled on a concrete fix. It promised to work as quickly as possible and to find a solution in the near future.
Apple’s analysts told ZDNet the same thing in a statement. Until then, users will remain prone to such attacks.