Google Shares Details on Unpatched 'High Severity' macOS Kernel Flaw

Google's Project Zero team in November found a "high severity" macOS kernel flaw that was recently disclosed (via Neowin) following the expiration of a 90 day disclosure deadline.

As explained by Google, the flaw allows an attacker to modify a user-owned mounted filesystem image without informing the virtual management subsystem of the changes, meaning a hacker can tweak a file system image without user knowledge.

macbookprodesign

This copy-on-write behavior works not only with anonymous memory, but also with file mappings. This means that, after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem.

This means that if an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug. MacOS permits normal users to mount filesystem images. When a mounted filesystem image is mutated directly (e.g. by calling pwrite() on the filesystem image), this information is not propagated into the mounted filesystem.

According to Google, Apple has not yet fixed this issue. Apple is planning to implement a fix in an upcoming software update, however.

We've been in contact with Apple regarding this issue, and at this point no fix is available. Apple are intending to resolve this issue in a future release, and we're working together to assess the options for a patch. We'll update this issue tracker entry once we have more details.

Google released the details on the bug without a fix from Apple because of its Project Zero policies. After discovering a security flaw, Project Zero provides details to the company that makes the software, providing them with 90 days to fix it before disclosure.

Google then publicly shares details on security flaws when a bug is fixed or when the 90-day deadline expires. Apple was informed of the bug in November, and the 90 day period elapsed without a fix.

Mac users should, as always, be wary of the files they're downloading to avoid attacks like this, making sure to download files only from trusted sites. It's not known if this is a bug that's easy to exploit, but Google has marked it as severe because it has the potential to bypass macOS safeguards.

Tag: Google

Top Rated Comments

StellarVixen Avatar
42 months ago
It happens when you neglect things...
Score: 25 Votes (Like | Disagree)
GrumpyMom Avatar
42 months ago
A teenager and Google trying to make Macs more secure :eek: and Apple's reported response to them looks like "talk to the hand". :confused:

What are they doing over in the spaceship? I'm not even remotely technically literate so I'm genuinely curious: is this a sign of internal mismanagement or nothing really of consequence but makes an interesting headline?
Score: 20 Votes (Like | Disagree)
quatermass Avatar
42 months ago
But, but, but... New Emojis! No really, look, over here - new emojis! And thinner too!
Score: 20 Votes (Like | Disagree)
arkitect Avatar
42 months ago
A teenager and Google trying to make Macs more secure :eek: and Apple's reported response to them looks like "talk to the hand". :confused:

What are they doing over in the spaceship? I'm not even remotely technically literate so I'm genuinely curious: is this a sign of internal mismanagement or nothing really of consequence but makes an interesting headline?
By the looks of it, running around in circles…
Score: 20 Votes (Like | Disagree)
eagle33199 Avatar
42 months ago
Out of curiosity, has Google's Project Zero disclosed unpatched issues in Google's own software? I've heard of a few directed at Apple products, but none directed at Google's own products...
Score: 13 Votes (Like | Disagree)
nate13 Avatar
42 months ago
I think the likelyhood of being exposed to this venerability is quite low (assuming they need physical possession of your hardware, to start). What brought me to the forum was to say, I'm glad for news like this. Not that venerabilities aren't bad, but because knowing there are teams identifying and resolving these issues is making a secure future for everyone. Sure, there are people who can flame Apple for not fixing sooner (I'm sure there are legitimate reasons, not some dude saying "nah, not today Google"), but that we have a culture that is pushing security is encouraging.

I'd be interested to know how many negative commenters are knowledgeable in low level kernel/ file system architecture to even reproduce the venerability, let alone patch it to an installed base of millions of users. It's so easy to critique things you don't understand.
Score: 12 Votes (Like | Disagree)

Popular Stories

iPhone 14 Purple Lineup Feature

Will the iPhone 14 Be a Disappointment?

Saturday May 21, 2022 9:00 am PDT by
With around four months to go before Apple is expected to unveil the iPhone 14 lineup, the overwhelming majority of rumors related to the new devices so far have focused on the iPhone 14 Pro, rather than the standard iPhone 14 – leading to questions about how different the iPhone 14 will actually be from its predecessor, the iPhone 13. The iPhone 14 Pro and iPhone 14 Pro Max are expected...
iPhone 13 Face ID

'High-End' iPhone 14 Front-Facing Camera to Cost Apple Three Times More

Monday May 23, 2022 7:05 am PDT by
The iPhone 14 will feature a more expensive "high-end" front-facing camera with autofocus, partly made in South Korea for the first time, ET News reports. Apple reportedly ousted a Chinese candidate to choose LG Innotek, a South Korean company, to supply the iPhone 14's front-facing camera alongside Japan's Sharp. The company is said to have originally planned to switch to LG for the iPhone...
iPhone 13 Always On Feature

iPhone 14 Pro Screen Refresh Rate Upgrade Could Allow for Always-On Display

Tuesday May 24, 2022 7:23 am PDT by
Last year's iPhone 13 Pro models were the first of Apple's smartphones to come with 120Hz ProMotion displays, and while the two iPhone 14 Pro models will continue to feature the technology, their screens could well boast expanded refresh rate variability this time round. To bring ProMotion displays to the ‌iPhone 13 Pro models‌, Apple adopted LTPO panel technology with variable refresh...
apple music

Apple Increases Apple Music Subscription Price for Students in Several Countries

Sunday May 22, 2022 1:57 am PDT by
Apple has silently increased the price of its Apple Music subscription for college students in several countries, with the company emailing students informing them their subscription would be slightly increasing in price moving forward. The price change is not widespread and, based on MacRumors' findings, will impact Apple Music student subscribers in but not limited to Australia, the...
EA Apple Maybe Feature

Apple Reportedly Talked With Electronic Arts About Potential Acquisition

Monday May 23, 2022 10:58 am PDT by
Apple is one of several companies that have held talks with Electronic Arts (EA) about a potential purchase, according to a new report from Puck. EA has spoken to several "potential suitors," including Apple, Amazon, and Disney as it looks for a merger arrangement. Apple and the other companies declined to comment, and the status of the talks is not known at this time, but Apple does have an ...
sony headphones 1

Sony's New WH-1000XM5 Headphones vs. Apple's AirPods Max

Friday May 20, 2022 12:18 pm PDT by
Sony this week came out with an updated version of its popular over-ear noise canceling headphones, so we picked up a pair to compare them to the AirPods Max to see which headphones are better and whether it's worth buying the $400 WH-1000XM5 from Sony over Apple's $549 AirPods Max. Subscribe to the MacRumors YouTube channel for more videos. First of all, the AirPods Max win out when it comes ...