Google Shares Details on Unpatched 'High Severity' macOS Kernel Flaw

Google's Project Zero team in November found a "high severity" macOS kernel flaw that was recently disclosed (via Neowin) following the expiration of a 90 day disclosure deadline.

As explained by Google, the flaw allows an attacker to modify a user-owned mounted filesystem image without informing the virtual management subsystem of the changes, meaning a hacker can tweak a file system image without user knowledge.

macbookprodesign

This copy-on-write behavior works not only with anonymous memory, but also with file mappings. This means that, after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem.

This means that if an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug. MacOS permits normal users to mount filesystem images. When a mounted filesystem image is mutated directly (e.g. by calling pwrite() on the filesystem image), this information is not propagated into the mounted filesystem.

According to Google, Apple has not yet fixed this issue. Apple is planning to implement a fix in an upcoming software update, however.

We've been in contact with Apple regarding this issue, and at this point no fix is available. Apple are intending to resolve this issue in a future release, and we're working together to assess the options for a patch. We'll update this issue tracker entry once we have more details.

Google released the details on the bug without a fix from Apple because of its Project Zero policies. After discovering a security flaw, Project Zero provides details to the company that makes the software, providing them with 90 days to fix it before disclosure.

Google then publicly shares details on security flaws when a bug is fixed or when the 90-day deadline expires. Apple was informed of the bug in November, and the 90 day period elapsed without a fix.

Mac users should, as always, be wary of the files they're downloading to avoid attacks like this, making sure to download files only from trusted sites. It's not known if this is a bug that's easy to exploit, but Google has marked it as severe because it has the potential to bypass macOS safeguards.

Tag: Google

Top Rated Comments

StellarVixen Avatar
35 months ago
It happens when you neglect things...
Score: 25 Votes (Like | Disagree)
GrumpyMom Avatar
35 months ago
A teenager and Google trying to make Macs more secure :eek: and Apple's reported response to them looks like "talk to the hand". :confused:

What are they doing over in the spaceship? I'm not even remotely technically literate so I'm genuinely curious: is this a sign of internal mismanagement or nothing really of consequence but makes an interesting headline?
Score: 20 Votes (Like | Disagree)
quatermass Avatar
35 months ago
But, but, but... New Emojis! No really, look, over here - new emojis! And thinner too!
Score: 20 Votes (Like | Disagree)
arkitect Avatar
35 months ago
A teenager and Google trying to make Macs more secure :eek: and Apple's reported response to them looks like "talk to the hand". :confused:

What are they doing over in the spaceship? I'm not even remotely technically literate so I'm genuinely curious: is this a sign of internal mismanagement or nothing really of consequence but makes an interesting headline?
By the looks of it, running around in circles…
Score: 20 Votes (Like | Disagree)
eagle33199 Avatar
35 months ago
Out of curiosity, has Google's Project Zero disclosed unpatched issues in Google's own software? I've heard of a few directed at Apple products, but none directed at Google's own products...
Score: 13 Votes (Like | Disagree)
nate13 Avatar
35 months ago
I think the likelyhood of being exposed to this venerability is quite low (assuming they need physical possession of your hardware, to start). What brought me to the forum was to say, I'm glad for news like this. Not that venerabilities aren't bad, but because knowing there are teams identifying and resolving these issues is making a secure future for everyone. Sure, there are people who can flame Apple for not fixing sooner (I'm sure there are legitimate reasons, not some dude saying "nah, not today Google"), but that we have a culture that is pushing security is encouraging.

I'd be interested to know how many negative commenters are knowledgeable in low level kernel/ file system architecture to even reproduce the venerability, let alone patch it to an installed base of millions of users. It's so easy to critique things you don't understand.
Score: 12 Votes (Like | Disagree)

Related Stories

studio buds family

Beats Studio Buds Debuting Today With Active Noise Cancellation, Stemless Design, and More for $150

Monday June 14, 2021 8:00 am PDT by
We've seen a lot of teasers about the Beats Studio Buds over the past month since they first showed up in Apple's beta software updates, and today they're finally official. The Beats Studio Buds are available to order today in red, white, and black ahead of a June 24 ship date, and they're priced at $149.99. The Studio Buds are the first Beats-branded earbuds to truly compete with AirPods...
os x mountain lion macs 16x9 2

Apple Makes OS X Lion and Mountain Lion Free to Download

Wednesday June 30, 2021 12:19 pm PDT by
Apple recently dropped the $19.99 fee for OS X Lion and Mountain Lion, making the older Mac updates free to download, reports Macworld. Apple has kept OS X 10.7 Lion and OS X 10.8 Mountain Lion available for customers who have machines limited to the older software, but until recently, Apple was charging $19.99 to get download codes for the updates. As of last week, these updates no...
iPhone 13 Dummy Thumbnail 2

Kuo: iPhone 13 to Feature LEO Satellite Communications to Make Calls and Texts Without Cellular Coverage

Sunday August 29, 2021 7:39 am PDT by
The iPhone 13 will feature low earth orbit (LEO) satellite communication connectivity to allow users to make calls and send messages in areas without 4G or 5G coverage, according to the reliable analyst Ming-Chi Kuo. In a note to investors, seen by MacRumors, Kuo explained that the iPhone 13 lineup will feature hardware that is able to connect to LEO satellites. If enabled with the relevant...
youtube apple tv

YouTube Discontinuing 3rd-Generation Apple TV App, AirPlay Still Available

Wednesday February 3, 2021 3:09 pm PST by
YouTube is planning to stop supporting its YouTube app on the third-generation Apple TV models, where YouTube has long been available as a channel option. A 9to5Mac reader received a message about the upcoming app discontinuation, which is set to take place in March.Starting early March, the YouTube app will no longer be available on Apple TV (3rd generation). You can still watch YouTube on...
General Apps Messages

Android iMessage Competitor Puts Pressure on Apple

Friday July 30, 2021 3:15 am PDT by
Google and the three major U.S. carriers, including Verizon, AT&T, and T-Mobile, will all support a new communications protocol on Android smartphones starting in 2022, a move that puts pressure on Apple to adopt a new cross-platform messaging standard and may present a challenge to iMessage. Verizon recently announced that it is planning to adopt Messages by Google as its default messaging...
bluetti eb70 main

MacRumors Giveaway: Win a Bluetti EB70 Portable Power Station and 200W Solar Panel

Friday September 3, 2021 11:13 am PDT by
For this week's giveaway, we've teamed up with MAXOAK to offer MacRumors readers a chance to win a Bluetti portable power station and an accompanying solar panel. Bluetti makes a range of portable power station options that are useful for camping, emergencies, power outages, off-grid living, and similar situations. The Bluetti EB70 is a solid middle of the road option that offers 716Wh and...
personal hotspot 1

Apple Acknowledges Personal Hotspot Issues Affecting Some iOS 13 and iPadOS 13 Users

Saturday March 21, 2020 10:04 am PDT by
In an internal document distributed to Apple Authorized Service Providers this week, obtained by MacRumors, Apple has acknowledged that some iOS 13 or iPadOS 13 users may experience issues with Personal Hotspot. Apple has told Authorized Service Providers to expect customers who are unable to connect to a Personal Hotspot or experience frequent disconnection from one. Customers may also...
iphone 13 teal with text

Apple Begins Preparation for iPhone 13 Production Ahead of Fall Launch

Monday June 28, 2021 3:29 am PDT by
We're just a few months away from when Apple is expected to reveal the 2021 iPhone, dubbed the "iPhone 13." In preparation for its launch, it has been pulling in shipments of different components needed to produce the new iPhones, according to a report from DigiTimes. In years past, Apple released its latest iPhone lineup, alongside a new Apple Watch, during a September event at Apple Park....
General Spotify Feature

Spotify Partners With Delta to Provide Free In-Flight Music and Podcasts Service

Thursday September 2, 2021 12:59 am PDT by
Spotify has announced a new partnership with Delta that will see the streaming service take over the "audio" section of Delta's in-flight seatback entertainment, making select playlists and podcasts freely available to all passengers. You are now free to roam about the cabin—and get the music and podcasts you love at 30,000 feet. Beginning today, we're taking off in a new partnership with...