Google Shares Details on Unpatched 'High Severity' macOS Kernel Flaw

by

Google's Project Zero team in November found a "high severity" macOS kernel flaw that was recently disclosed (via Neowin) following the expiration of a 90 day disclosure deadline.

As explained by Google, the flaw allows an attacker to modify a user-owned mounted filesystem image without informing the virtual management subsystem of the changes, meaning a hacker can tweak a file system image without user knowledge.

macbookprodesign

This copy-on-write behavior works not only with anonymous memory, but also with file mappings. This means that, after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem.

This means that if an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug. MacOS permits normal users to mount filesystem images. When a mounted filesystem image is mutated directly (e.g. by calling pwrite() on the filesystem image), this information is not propagated into the mounted filesystem.

According to Google, Apple has not yet fixed this issue. Apple is planning to implement a fix in an upcoming software update, however.

We've been in contact with Apple regarding this issue, and at this point no fix is available. Apple are intending to resolve this issue in a future release, and we're working together to assess the options for a patch. We'll update this issue tracker entry once we have more details.

Google released the details on the bug without a fix from Apple because of its Project Zero policies. After discovering a security flaw, Project Zero provides details to the company that makes the software, providing them with 90 days to fix it before disclosure.

Google then publicly shares details on security flaws when a bug is fixed or when the 90-day deadline expires. Apple was informed of the bug in November, and the 90 day period elapsed without a fix.

Mac users should, as always, be wary of the files they're downloading to avoid attacks like this, making sure to download files only from trusted sites. It's not known if this is a bug that's easy to exploit, but Google has marked it as severe because it has the potential to bypass macOS safeguards.

Tag: Google

Popular Stories

airpods pro 3 purple

New, Higher End AirPods Pro Coming This Year

Tuesday January 20, 2026 9:05 am PST by
Apple is planning to debut a high-end secondary version of AirPods Pro 3 this year, sitting in the lineup alongside the current model, reports suggest. Back in September 2025, supply chain analyst Ming-Chi Kuo reported that Apple is planning to introduce a successor to the AirPods Pro 3 in 2026. This would be somewhat unusual since Apple normally waits around three years to make major...
Read Full Article108 comments
smaller dynamic island iphone 18 pro Filip Vabrous%CC%8Cek

iPhone 18 Pro Leak: Smaller Dynamic Island, No Top-Left Camera Cutout

Tuesday January 20, 2026 2:34 am PST by
Over the last few months, rumors around the iPhone 18 Pro's front-panel design have been conflicted, with some supply-chain leaks pointing to under-display Face ID, reports suggesting a top-left hole-punch camera, and debate over whether the familiar Dynamic Island will shrink, shift, or disappear entirely. Today, Weibo-based leaker Instant Digital shared new details that appear to clarify the ...
Read Full Article57 comments
Apple Logo Spotlight

Apple Expected to Unveil Five All-New Products This Year

Wednesday January 21, 2026 10:54 am PST by
In addition to updating many of its existing products, Apple is expected to unveil five all-new products this year, including a smart home hub, a Face ID doorbell, a MacBook with an A18 Pro chip, a foldable iPhone, and augmented reality glasses. Below, we have recapped rumored features for each product. Smart Home Hub Apple home hub (concept) Apple's long-rumored smart home hub should...
Read Full Article65 comments
Liquid Glass App Store Feature

App Store and Apple TV Experiencing Outage

Tuesday January 20, 2026 4:36 pm PST by
Apple's App Store, iTunes Store, and Apple TV service are experiencing an outage at the current time, according to Apple's System Status page. Apple says that some users may be experiencing issues with the App Store and iTunes Store. Apple also says some users may be seeing intermittent issues with Apple TV. The Apple TV Channels feature is down too, and users may be unable to access some...
Read Full Article42 comments
airtag prime day 2

Apple Developing AirTag-Sized AI Pin With Dual Cameras

Wednesday January 21, 2026 12:31 pm PST by
Apple is working on a small, wearable AI pin equipped with multiple cameras, a speaker, and microphones, reports The Information. If it actually launches, the AI pin will likely run the new Siri chatbot that Apple plans to unveil in iOS 27. The pin is said to be similar in size to an AirTag, with a thin, flat, circular disc shape. It has an aluminum and glass shell, and two cameras at the...
Read Full Article132 comments

Top Rated Comments

StellarVixen Avatar
StellarVixen
90 months ago
It happens when you neglect things...
Score: 25 Votes (Like | Disagree)
5105973 Avatar
5105973
90 months ago
A teenager and Google trying to make Macs more secure :eek: and Apple's reported response to them looks like "talk to the hand". :confused:

What are they doing over in the spaceship? I'm not even remotely technically literate so I'm genuinely curious: is this a sign of internal mismanagement or nothing really of consequence but makes an interesting headline?
Score: 20 Votes (Like | Disagree)
quatermass Avatar
quatermass
90 months ago
But, but, but... New Emojis! No really, look, over here - new emojis! And thinner too!
Score: 20 Votes (Like | Disagree)
arkitect Avatar
arkitect
90 months ago
A teenager and Google trying to make Macs more secure :eek: and Apple's reported response to them looks like "talk to the hand". :confused:

What are they doing over in the spaceship? I'm not even remotely technically literate so I'm genuinely curious: is this a sign of internal mismanagement or nothing really of consequence but makes an interesting headline?
By the looks of it, running around in circles…
Score: 20 Votes (Like | Disagree)
eagle33199 Avatar
eagle33199
90 months ago
Out of curiosity, has Google's Project Zero disclosed unpatched issues in Google's own software? I've heard of a few directed at Apple products, but none directed at Google's own products...
Score: 13 Votes (Like | Disagree)
nate13 Avatar
nate13
90 months ago
I think the likelyhood of being exposed to this venerability is quite low (assuming they need physical possession of your hardware, to start). What brought me to the forum was to say, I'm glad for news like this. Not that venerabilities aren't bad, but because knowing there are teams identifying and resolving these issues is making a secure future for everyone. Sure, there are people who can flame Apple for not fixing sooner (I'm sure there are legitimate reasons, not some dude saying "nah, not today Google"), but that we have a culture that is pushing security is encouraging.

I'd be interested to know how many negative commenters are knowledgeable in low level kernel/ file system architecture to even reproduce the venerability, let alone patch it to an installed base of millions of users. It's so easy to critique things you don't understand.
Score: 12 Votes (Like | Disagree)
Read All Comments