
Google Project Zero team found a serious vulnerability in the macOS kernel

The Google Project Zero team is well-known for its ability to find security flaws in both the company's own products and those of other companies. Its members discover flaws in the software, report them to manufacturers privately and give them 90 days to solve the problem before it is publicly disclosed.



In November, they found a "serious vulnerability" in the macOS kernel.

A security researcher from Google Project Zero found that if the image of a mounted file system owned by a user changes, then the virtual management subsystem is not informed about the changes, which means that an attacker could potentially take malicious actions without the knowledge of the mounted file system.
Detailed explanation below:
Copy-on-write behavior works not only with anonymous memory but also with file mappings. This means that after the target process has started reading from the transferred memory area, a change in memory may cause the pages containing the transferred memory to be removed from the cache. Later, when the removed pages are needed again, they can be reloaded from the backing file system.

If an attacker can change the file on disk without notifying the virtual management subsystem, this is a security bug. macOS allows ordinary users to mount file system images. When the image of a mounted file system is modified directly (for example, by calling pwrite() on the file system image), this information is not propagated to the mounted file system.
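
The file-mapping behavior described above can be observed with an ordinary file, without any mounted image. This added example (not from the original article or from Project Zero; the scratch path and the function name are made up for illustration) shows that an untouched MAP_PRIVATE page follows later writes to its backing file, while a page already copied by a write and a heap snapshot do not, which is why a receiver should copy such memory before validating it.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* out[0]: untouched MAP_PRIVATE page, out[1]: page already copied by a write,
 * out[2]: heap snapshot. All are read after the backing file is rewritten. */
int observe_private_mapping(char out[3])
{
    char path[] = "/tmp/cow-demo-XXXXXX";   /* constructed scratch file */
    long pg = sysconf(_SC_PAGESIZE);
    int fd = mkstemp(path);
    if (fd < 0 || pg <= 0) return -1;
    unlink(path);

    char *buf = malloc(2 * pg), *snap = malloc(pg);
    if (!buf || !snap) return -1;
    memset(buf, 'A', 2 * pg);
    if (pwrite(fd, buf, 2 * pg, 0) != 2 * pg) return -1;

    char *map = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) return -1;

    volatile char touch = map[0];   /* fault page 0 in; it is only read */
    (void)touch;
    map[pg + 1] = 'x';              /* write: page 1 becomes a private copy */
    memcpy(snap, map, pg);          /* defensive snapshot of page 0 */

    memset(buf, 'B', 2 * pg);       /* the file changes behind the mapping */
    if (pwrite(fd, buf, 2 * pg, 0) != 2 * pg) return -1;

    /* POSIX leaves out[0] unspecified; Linux shows the new file data. */
    out[0] = map[0];
    out[1] = map[pg];
    out[2] = snap[0];

    munmap(map, 2 * pg); free(buf); free(snap); close(fd);
    return 0;
}

int main(void)
{
    char out[3];
    if (observe_private_mapping(out) != 0) return 1;
    printf("untouched=%c copied=%c snapshot=%c\n", out[0], out[1], out[2]);
    return 0;
}
```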


The researchers reported this bug to Apple in November 2018, but the company has not yet fixed it, even though the 90-day period has passed, so the bug has now been made public with the label "high degree of seriousness." However, Apple has acknowledged the problem and is working with Project Zero on a patch for a future macOS release. Proof-of-concept code demonstrating the problem is also available on a dedicated web page.



Source: https://habr.com/ru/post/442792/

