Google Shares Details on Unpatched 'High Severity' macOS Kernel Flaw

Google's Project Zero team in November found a "high severity" macOS kernel flaw that was recently disclosed (via Neowin) following the expiration of a 90-day disclosure deadline.

As explained by Google, the flaw allows an attacker to modify a user-owned mounted filesystem image without informing the virtual management subsystem of the changes, meaning a hacker can tweak a file system image without user knowledge.


This copy-on-write behavior works not only with anonymous memory, but also with file mappings. This means that, after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem.

This means that if an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug. MacOS permits normal users to mount filesystem images. When a mounted filesystem image is mutated directly (e.g. by calling pwrite() on the filesystem image), this information is not propagated into the mounted filesystem.
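The property the quoted description relies on, that memory backed by a file is only as stable as the file, can be seen with an ordinary user-space `mmap()`. The following is an added illustration, not Project Zero's code and not the macOS kernel path: for a plain file this behaviour is expected, and it shows why a consumer should validate and use its own copy of the data. The function name and scratch file are constructed for the example.

```c
/* Added illustration, not Project Zero's code. Clean pages of a file-backed
 * MAP_PRIVATE mapping are served from the file, so only data copied into
 * the consumer's own buffer is stable once the file can be rewritten. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define LEN 4096

/* Bit 0: the private copy still holds the original bytes.
 * Bit 1: the live mapping shows the bytes written later with pwrite()
 *        (POSIX leaves this unspecified for MAP_PRIVATE; common kernels do).
 * Returns -1 if setup fails. */
int stale_mapping_demo(void) {
    char path[] = "/tmp/cow_demo_XXXXXX";   /* constructed scratch file */
    char page[LEN];
    int fd = mkstemp(path), result = -1;
    if (fd < 0) return -1;
    unlink(path);                            /* file lives until close() */

    memset(page, 'A', LEN);
    if (pwrite(fd, page, LEN, 0) != LEN) { close(fd); return -1; }

    char *map = mmap(NULL, LEN, PROT_READ, MAP_PRIVATE, fd, 0);
    char *copy = malloc(LEN);
    if (map != MAP_FAILED && copy != NULL) {
        memcpy(copy, map, LEN);              /* snapshot before validating */
        memset(page, 'B', LEN);              /* backing file changes later */
        if (pwrite(fd, page, LEN, 0) == LEN) {
            result = 0;
            if (copy[0] == 'A' && copy[LEN - 1] == 'A') result |= 1;
            if (map[0] == 'B') result |= 2;
        }
    }
    if (map != MAP_FAILED) munmap(map, LEN);
    free(copy);
    close(fd);
    return result;
}

int main(void) {
    int r = stale_mapping_demo();
    printf("copy intact: %d, mapping changed: %d\n",
           r > 0 && (r & 1) != 0, r > 0 && (r & 2) != 0);
    return r < 0;
}
```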

According to Google, Apple has not yet fixed this issue. Apple is planning to implement a fix in an upcoming software update, however.

We've been in contact with Apple regarding this issue, and at this point no fix is available. Apple are intending to resolve this issue in a future release, and we're working together to assess the options for a patch. We'll update this issue tracker entry once we have more details.

Google released the details on the bug without a fix from Apple because of its Project Zero policies. After discovering a security flaw, Project Zero reports the details to the company that makes the software and gives it 90 days to fix the issue before disclosure.

Google then publicly shares details on security flaws when a bug is fixed or when the 90-day deadline expires. Apple was informed of the bug in November, and the 90-day period elapsed without a fix.

Mac users should, as always, be wary of the files they're downloading to avoid attacks like this, making sure to download files only from trusted sites. It's not known if this is a bug that's easy to exploit, but Google has marked it as severe because it has the potential to bypass macOS safeguards.


Top Rated Comments

StellarVixen
86 months ago
It happens when you neglect things...
Score: 25 Votes
5105973
86 months ago
A teenager and Google trying to make Macs more secure :eek: and Apple's reported response to them looks like "talk to the hand". :confused:

What are they doing over in the spaceship? I'm not even remotely technically literate so I'm genuinely curious: is this a sign of internal mismanagement or nothing really of consequence but makes an interesting headline?
Score: 20 Votes
quatermass
86 months ago
But, but, but... New Emojis! No really, look, over here - new emojis! And thinner too!
Score: 20 Votes
arkitect
86 months ago
A teenager and Google trying to make Macs more secure :eek: and Apple's reported response to them looks like "talk to the hand". :confused:

What are they doing over in the spaceship? I'm not even remotely technically literate so I'm genuinely curious: is this a sign of internal mismanagement or nothing really of consequence but makes an interesting headline?
By the looks of it, running around in circles…
Score: 20 Votes
eagle33199
86 months ago
Out of curiosity, has Google's Project Zero disclosed unpatched issues in Google's own software? I've heard of a few directed at Apple products, but none directed at Google's own products...
Score: 13 Votes
nate13
86 months ago
I think the likelihood of being exposed to this vulnerability is quite low (assuming they need physical possession of your hardware, to start). What brought me to the forum was to say, I'm glad for news like this. Not that vulnerabilities aren't bad, but because knowing there are teams identifying and resolving these issues is making a secure future for everyone. Sure, there are people who can flame Apple for not fixing sooner (I'm sure there are legitimate reasons, not some dude saying "nah, not today Google"), but that we have a culture that is pushing security is encouraging.

I'd be interested to know how many negative commenters are knowledgeable in low level kernel/file system architecture to even reproduce the vulnerability, let alone patch it to an installed base of millions of users. It's so easy to critique things you don't understand.
Score: 12 Votes