Google's Zero-Day Attack Team announced that it found a serious vulnerability in the macOS kernel

by pixelcreatures

Google 's " Project Zero " specializing in studying and dealing with zero day attacks announced that there is a serious vulnerability in macOS. Project Zero has reported vulnerabilities to Apple in November 2018, but since the batch has not been distributed even after 90 days, it seems that we have made information publicly available.

1726 - XNU: copy-on-write behavior bypass via mount-of-user-owned filesystem image - project-zero - Monorail

Google Discloses Unpatched 'High-Severity' Flaw in Apple macOS Kernel

Google reveals "high severity" flaw in macOS kernel - Neowin

Ultra Excellent Bug Hunter and Shadow of Hacker Take Countermeasures against Zero-Day Attacks Google's security team " Project Zero " reports vendors to software vulnerabilities, and has reported to Samsung's software and Windows 10 S , Microsoft Edge vulnerability has been discovered and reported.

Google's vulnerability discovery team "Project Zero" is bothering me with "vulnerability reporting to vendor" - GIGAZINE

Newly reported that Project Zero is vulnerable to XNU which is the kernel of macOS. This vulnerability is about copy-on-write (COW) function of XNU. The program generates a copy from the source data at the time of execution. Although this copy is usually protected even if the source data is modified, the newly discovered vulnerability may cause the copy to affect the modification of the source data, double read the copy destination and the source data It will make exploit possible.

As a result, even if the physical file system is altered, the user will not be notified of the change. In other words, there is a possibility that a malicious attacker will not know the user, modify the file system, and in the worst case the system will be hijacked.

by Pexels

After reporting the vulnerability to the vendor, Project Zero gives 90 days to fix patch distribution. This case was also informed to Apple in November 2018, but because there was no correction batch distribution during the period, information came to be open to the public from the judgment that "the user is in danger" . However, Apple is dealing with the problem with Project Zero at the time of writing the article, it is expected that the vulnerability will be fixed at the future release of macOS.

in Security, Posted by logq_fa