Google Shares Details on Unpatched 'High Severity' macOS Kernel Flaw

Google's Project Zero team in November found a "high severity" macOS kernel flaw that was recently disclosed (via Neowin) following the expiration of a 90-day disclosure deadline.

As explained by Google, the flaw allows an attacker to modify a user-owned mounted filesystem image without informing the virtual management subsystem of the changes, meaning a hacker can tweak a file system image without user knowledge.

This copy-on-write behavior works not only with anonymous memory, but also with file mappings. This means that, after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem.

This means that if an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug. MacOS permits normal users to mount filesystem images. When a mounted filesystem image is mutated directly (e.g. by calling pwrite() on the filesystem image), this information is not propagated into the mounted filesystem.
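The property described in the quoted explanation, as an added example that is not code from Project Zero or Apple: a copy-on-write file mapping stays backed by the file rather than being a snapshot, so a receiver that needs stable data copies it into heap memory before validating it. The scratch file and the names `compare_views` and `struct views` are assumptions for illustration. The code uses an ordinary file and does not reproduce the macOS bug; whether the mapping reflects the later write is unspecified by POSIX, while the heap copy never changes.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define LEN 4096

/* For each view of the data: did it change after the file was rewritten? */
struct views { int mapping_changed; int snapshot_changed; };

/* Returns 0 on success, -1 on any syscall or allocation failure. */
int compare_views(struct views *out)
{
    char path[] = "/tmp/cow_demo_XXXXXX";   /* constructed scratch file */
    char original[LEN], replaced[LEN];
    char *map = MAP_FAILED, *snap = NULL;
    int rc = -1;
    memset(original, 'A', LEN);
    memset(replaced, 'B', LEN);

    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                            /* removed once fd is closed */
    if (pwrite(fd, original, LEN, 0) != LEN) goto out;

    /* Receiver's view: private (copy-on-write) mapping backed by the file. */
    map = mmap(NULL, LEN, PROT_READ, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) goto out;

    /* Hardened receiver: copy into heap memory before validating or using. */
    if ((snap = malloc(LEN)) == NULL) goto out;
    memcpy(snap, map, LEN);

    /* The backing file is rewritten after the receiver started reading. */
    if (pwrite(fd, replaced, LEN, 0) != LEN) goto out;

    out->mapping_changed  = memcmp(map,  original, LEN) != 0;
    out->snapshot_changed = memcmp(snap, original, LEN) != 0;
    rc = 0;
out:
    free(snap);
    if (map != MAP_FAILED) munmap(map, LEN);
    close(fd);
    return rc;
}
```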

According to Google, Apple has not yet fixed this issue. Apple is planning to implement a fix in an upcoming software update, however.

We've been in contact with Apple regarding this issue, and at this point no fix is available. Apple are intending to resolve this issue in a future release, and we're working together to assess the options for a patch. We'll update this issue tracker entry once we have more details.

Google released the details on the bug without a fix from Apple because of its Project Zero policies. After discovering a security flaw, Project Zero provides details to the company that makes the software and gives it 90 days to fix the flaw before disclosure.

Google then publicly shares details on security flaws when a bug is fixed or when the 90-day deadline expires. Apple was informed of the bug in November, and the 90-day period elapsed without a fix.

Mac users should, as always, be wary of the files they're downloading to avoid attacks like this, making sure to download files only from trusted sites. It's not known if this is a bug that's easy to exploit, but Google has marked it as severe because it has the potential to bypass macOS safeguards.


Top Rated Comments

18 months ago
It happens when you neglect things...
Score: 25 Votes (Like | Disagree)
18 months ago
A teenager and Google trying to make Macs more secure :eek: and Apple's reported response to them looks like "talk to the hand". :confused:

What are they doing over in the spaceship? I'm not even remotely technically literate so I'm genuinely curious: is this a sign of internal mismanagement or nothing really of consequence but makes an interesting headline?
Score: 20 Votes (Like | Disagree)
18 months ago
But, but, but... New Emojis! No really, look, over here - new emojis! And thinner too!
Score: 20 Votes (Like | Disagree)
18 months ago

A teenager and Google trying to make Macs more secure :eek: and Apple's reported response to them looks like "talk to the hand". :confused:

What are they doing over in the spaceship? I'm not even remotely technically literate so I'm genuinely curious: is this a sign of internal mismanagement or nothing really of consequence but makes an interesting headline?

By the looks of it, running around in circles…
Score: 20 Votes (Like | Disagree)
18 months ago
Out of curiosity, has Google's Project Zero disclosed unpatched issues in Google's own software? I've heard of a few directed at Apple products, but none directed at Google's own products...
Score: 13 Votes (Like | Disagree)
18 months ago
I think the likelihood of being exposed to this vulnerability is quite low (assuming they need physical possession of your hardware, to start). What brought me to the forum was to say, I'm glad for news like this. Not that vulnerabilities aren't bad, but because knowing there are teams identifying and resolving these issues is making a secure future for everyone. Sure, there are people who can flame Apple for not fixing sooner (I'm sure there are legitimate reasons, not some dude saying "nah, not today Google"), but that we have a culture that is pushing security is encouraging.

I'd be interested to know how many negative commenters are knowledgeable in low level kernel/file system architecture to even reproduce the vulnerability, let alone patch it to an installed base of millions of users. It's so easy to critique things you don't understand.
Score: 12 Votes (Like | Disagree)
