Google’s Project Zero team has exposed a “high severity” flaw in macOS’ kernel. The Google team routinely reports bugs and security flaws in Google’s own systems as well as in those of other big companies. Last year, the team revealed vulnerabilities in Microsoft’s Windows 10 S and the Microsoft Edge browser.
Google detailed the flaw in Apple’s macOS kernel on its Chromium bug tracker (via Neowin) last week, noting that it was first disclosed to Apple in November 2018. The company’s policy is to report bugs privately to the manufacturer and to disclose them publicly after 90 days.
A security researcher from Google’s Project Zero discovered a bug in macOS’ kernel, XNU. If a modification is made to a user-owned mounted filesystem image, the virtual memory subsystem is not notified of those changes, which means that an attacker can potentially take malicious actions without the mounted filesystem knowing about it.
“XNU has various interfaces that permit creating copy-on-write copies of data between processes, including out-of-line message descriptors in mach messages. It is important that the copied memory is protected against later modifications by the source process; otherwise, the source process might be able to exploit double-reads in the destination process.
This copy-on-write behavior works not only with anonymous memory, but also with file mappings. This means that, after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem,” noted Google on Chromium bug tracker.
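The “double-reads” in the quoted text are the hazard that the copy-on-write protection is meant to rule out. The added example below (not from Google’s report or from Apple’s code) simulates in C a receiver that reads a length field twice from memory the sender can still alter, next to one that snapshots the area into private memory before checking it; the shared buffer, the hook and the sender behaviour are constructed for this demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a memory area handed to a receiving process:
 * byte 0 is a length field, bytes 1.. are the payload. The sender may
 * still be able to change what backs this area after the hand-off. */
#define MSG_CAP 64
uint8_t shared_msg[MSG_CAP];

/* Hypothetical hook standing in for the sender altering the backing store
 * between two reads by the receiver (constructed for this demonstration). */
void (*between_reads_hook)(void) = 0;
static void fire_hook(void) { if (between_reads_hook) between_reads_hook(); }

/* Constructed message: length 2, payload AA BB. */
void setup_message(void) {
    memset(shared_msg, 0, MSG_CAP);
    shared_msg[0] = 2; shared_msg[1] = 0xAA; shared_msg[2] = 0xBB;
}
/* Constructed sender behaviour: grow the length field after the check. */
void sender_rewrites_length(void) { shared_msg[0] = 32; }

/* Double-read pattern: the length is checked on the first read and fetched
 * again from the shared area when used. Returns bytes copied, or -1. */
int receive_double_read(uint8_t *out, size_t outcap) {
    uint8_t len = shared_msg[0];                     /* read #1: checked */
    if (len > outcap || len > MSG_CAP - 1) return -1;
    fire_hook();                                     /* backing store changes */
    len = shared_msg[0];                             /* read #2: used unchecked */
    memcpy(out, shared_msg + 1, len);                /* bound from read #1 is gone */
    return (int)len;
}

/* Hardened pattern: snapshot the area into private memory once, then check
 * and use only the private copy, so later changes cannot affect it. */
int receive_snapshot(uint8_t *out, size_t outcap) {
    uint8_t local[MSG_CAP];
    memcpy(local, shared_msg, MSG_CAP);              /* the only read of shared data */
    fire_hook();                                     /* too late to matter */
    uint8_t len = local[0];
    if (len > outcap || len > MSG_CAP - 1) return -1;
    memcpy(out, local + 1, len);
    return (int)len;
}
```

With a 4-byte budget, the double-read receiver ends up copying 32 bytes because the second read trusts a value that was never checked, while the snapshot receiver copies the 2 bytes it validated.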
Meanwhile, Apple has acknowledged the issue reported by Google’s Project Zero team. The company has started working on a fix and intends to patch the issue in a future macOS release, although no timeline is available yet.