Google Project Zero discovered a serious security flaw affecting macOS. Although the team duly informed Apple of the flaw, the vendor could not release a patch within the disclosure window. Consequently, Project Zero has now disclosed the vulnerability publicly while affected Macs remain unpatched.
Copy-On-Write Flaw Discovered In macOS
Google Project Zero spotted a serious flaw in macOS last year. The vulnerability allows an attacker to bypass copy-on-write protection: by altering a file on disk after its pages have been handed to another process, the attacker can change what that process later reads from memory it believed was its own copy.
The researchers have explained the details of the flaw, along with a PoC, in a post. As elaborated, a copy-on-write (COW) vulnerability exists in Apple's XNU kernel. XNU exposes numerous interfaces that allow creating COW copies of data between processes. This copied data must be protected against later modification by the source process, and that is where the problem occurs. Describing the vulnerability, they state,
“This copy-on-write behavior works not only with anonymous memory, but also with file mappings. This means that, after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem.”
Thus, a security flaw emerges if an attacker succeeds in mutating on-disk files without alerting the virtual memory management subsystem: when evicted pages are reloaded from the backing filesystem, the destination process receives the attacker's modified data instead of the data it originally read.
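The general mechanism the quote describes can be observed with ordinary POSIX memory mapping. The following C program is an added example written for this article; it is not Project Zero's PoC and does not exercise the XNU bug. It maps a constructed two-page temporary file MAP_PRIVATE (copy-on-write), reads page 0 but writes page 1, then overwrites the file with pwrite() and records what each page of the mapping shows afterwards. The function names (run_cow_experiment and the three wrappers) are hypothetical. Whether the read-only page reflects the file write is left unspecified by POSIX, so the program reports it rather than assuming it; on Linux it typically does, because an untouched private page still shares the kernel's page cache.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* What the experiment observed (hypothetical names, added for this example). */
struct cow_observation {
    int read_only_page_saw_file_change;  /* 1 if the page we only read showed the later file write */
    int written_page_kept_private_value; /* 1 if the page we wrote to kept our value after the file write */
    int file_reflects_change;            /* 1 if the file itself now holds the new bytes */
};

/*
 * Maps a temporary two-page file MAP_PRIVATE (copy-on-write), reads page 0,
 * writes page 1 (forcing a private copy), then overwrites the whole file
 * with pwrite() and records what the mapping shows afterwards.
 * Returns 0 on success, -1 on any system call failure.
 */
int run_cow_experiment(struct cow_observation *obs)
{
    FILE *tmp = tmpfile();               /* anonymous temp file, unlinked automatically */
    if (!tmp) return -1;
    int fd = fileno(tmp);
    long pagesz = sysconf(_SC_PAGESIZE);
    size_t len = (size_t)pagesz * 2;
    int rc = -1;
    char *map = MAP_FAILED;
    char check = 0;
    volatile char peek;
    char *buf = malloc(len);
    if (!buf) goto out;

    /* Constructed input: page 0 filled with 'A', page 1 filled with 'B'. */
    memset(buf, 'A', (size_t)pagesz);
    memset(buf + pagesz, 'B', (size_t)pagesz);
    if (pwrite(fd, buf, len, 0) != (ssize_t)len) goto out;

    map = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) goto out;

    /* Page 0: read only, so nothing has forced the kernel to copy it.
     * Page 1: written, so the kernel gives this process its own private copy. */
    peek = map[0];
    (void)peek;
    map[pagesz] = 'Z';

    /* Now mutate the backing file underneath the mapping, as a source process
     * with write access to the file could. */
    memset(buf, 'X', len);
    if (pwrite(fd, buf, len, 0) != (ssize_t)len) goto out;

    obs->read_only_page_saw_file_change = (map[0] == 'X');
    obs->written_page_kept_private_value = (map[pagesz] == 'Z');

    if (pread(fd, &check, 1, 0) != 1) goto out;
    obs->file_reflects_change = (check == 'X');
    rc = 0;

out:
    if (map != MAP_FAILED) munmap(map, len);
    free(buf);
    fclose(tmp);
    return rc;
}

/* Convenience wrappers so each property can be checked on its own. */
int cow_written_page_stays_private(void)
{
    struct cow_observation o;
    return run_cow_experiment(&o) == 0 && o.written_page_kept_private_value;
}

int cow_file_reflects_change(void)
{
    struct cow_observation o;
    return run_cow_experiment(&o) == 0 && o.file_reflects_change;
}

int cow_read_only_page_saw_change(void)
{
    struct cow_observation o;
    return run_cow_experiment(&o) == 0 && o.read_only_page_saw_file_change;
}

int main(void)
{
    struct cow_observation o;
    if (run_cow_experiment(&o) != 0) {
        perror("run_cow_experiment");
        return 1;
    }
    printf("page we wrote kept our value after file change: %s\n",
           o.written_page_kept_private_value ? "yes" : "no");
    printf("page we only read showed the file change:       %s\n",
           o.read_only_page_saw_file_change ? "yes" : "no");
    return 0;
}
```

The page this process wrote to is a genuine private copy and is unaffected by the later file write; the page it merely read may or may not be, and that is exactly the ambiguity an attacker exploits when a COW copy is backed by a file they can still modify.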
Public Disclosure By Google Project Zero
The Project Zero team spotted the vulnerability in November 2018. They then informed Apple of the flaw under their standard 90-day disclosure deadline for the vendor to release a fix. Since no patch was available when the 90-day period expired, they have now disclosed the flaw publicly.
Nonetheless, they confirm that Apple intends to address the issue in a future release.
“We’ve been in contact with Apple regarding this issue, and at this point no fix is available. Apple are intending to resolve this issue in a future release, and we’re working together to assess the options for a patch.”
We shall update this article after Apple releases a patch for the flaw.