After detecting security flaws in various Microsoft products, containing Windows 10 itself, the Google Project Zero team arrives back with a recent public revelation, this time influencing macOS of Apple. Because as the security analysts operating at Google detected, a flaw in the macOS kernel permits a striker to maltreat the mode file-system images are escalated to create data alterations.

The Google Project Zero team defines in the technical research of the flaw that the mode the copy-on-write property is executed in macOS creates it probable for a user to create alterations to a escalated the file system image without the OS to be familiar of them.

“If an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug. MacOS permits normal users to mount filesystem images. When a mounted filesystem image is mutated directly (e.g. by calling pwrite() on the filesystem image), this information is not propagated into the mounted filesystem,” the original advisory notes.

Apple Already Active on a Patch

The flaw was initially reported last year in November 2018 to Apple, and the company was rendered with a Ninety-day deadline for launching a patch as per the Google Project Zero policy. Google openly revealed the flaw last month lately in February 2019 because Apple let down to offer a fix before reaching the deadline.

However, Apple has so far admitted the security vulnerability, and it is presently active with the Project Zero team on mentioning it.

“We’ve been in contact with Apple regarding this issue, and at this point no fix is available. Apple are intending to resolve this issue in a future release, and we’re working together to assess the options for a patch,” the Google security researchers explained.

Particulars as to when Apple could launch the patch are not apparently acquirable merely so far, and as with everything Apple, any particulars are unavailable at the moment.

Leave a Reply

Your email address will not be published. Required fields are marked *