Best Top Reviews Online

Google Reveals Unpatched ‘High-Severity’ Vulnerability in the Apple macOS Kernel

After Apple failed to release a patch within 90 days of being notified, a Google Project Zero researcher disclosed details and a proof-of-concept exploit of a high-severity security vulnerability in the macOS operating system.

The vulnerability was discovered by Project Zero researcher Jann Horn and demonstrated by Ian Beer. It resides in the way in which the macOS XNU kernel allows an attacker to manipulate filesystem images without notifying the operating system.

The flaw could eventually allow an attacker or malicious program to circumvent the copy-on-write (COW) functionality and cause unexpected changes in the shared memory between processes, resulting in memory corruption attacks.

Copy-On-Write, also known as COW, is an optimization strategy for resource management used in computer programming.

In general, if a process (destination) requires a file or data that is already in memory but was created by another process (source), both processes can share the same resource instead of creating a new copy of it, thereby significantly reducing the resource consumption of unmodified copies.

However, if the sourcing process needs to modify the data, copy-on-write (COW) first creates a copy of it in memory, so that the destination process can still access the original data.

According to the Project Zero researcher, on Apple’s macOS operating system this copy-on-write behavior applies not only to anonymous memory but also efficiently handles page tables and memory mappings.

“This means that, after the destination process has begun reading from the transferred memory area, memory pressure may cause the pages containing the transferred memory to be evicted from the page cache,” the advisory describing the vulnerability states.

When the evicted pages are required again in the future, they can be reloaded from the backing filesystem.

According to the Google researcher, when a mounted filesystem image is modified directly (for example, by calling pwrite() on the filesystem image), this information is not propagated into the mounted filesystem.

Thus, a malicious program or an attacker can modify evicted pages on disk without informing the virtual memory management subsystem, deceiving the destination process into loading the manipulated content into memory.

“It is crucial that the copied memory is protected against later modifications by the sourcing process; otherwise, the sourcing process could exploit double-reads in the destination process,” says the researcher.
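The double-read hazard named in that quote, as an added example (not code from the advisory or from Project Zero): a destination process that validates a length field and then fetches it again, next to a version that takes one private snapshot. The `record` layout, the `reload_changed` hook (standing in for a page being reloaded with different contents) and all sizes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REGION 64  /* constructed size of the transferred memory area */

/* Constructed record layout inside memory the sender handed over. */
struct record {
    volatile uint32_t len;   /* volatile: every access is a real fetch */
    uint8_t data[REGION];
};

/* Hypothetical hook: models the contents changing between two accesses. */
typedef void (*reload_fn)(struct record *);
void reload_changed(struct record *r) {
    r->len = REGION;
    memset(r->data, 'X', REGION);
}

/* Double read: the bound is checked on one fetch of len, the copy uses a
 * second fetch. Returns bytes written to out, or -1 if rejected.
 * In this demo out must really hold REGION bytes, so nothing overflows. */
int recv_double_read(struct record *r, uint8_t *out, size_t cap, reload_fn reload) {
    if (r->len > cap) return -1;   /* fetch 1: validate */
    if (reload) reload(r);         /* contents change underneath */
    uint32_t n = r->len;           /* fetch 2: use, never validated */
    memcpy(out, r->data, n);
    return (int)n;
}

/* Single snapshot: fetch len once, copy to private memory, use only that. */
int recv_snapshot(struct record *r, uint8_t *out, size_t cap, reload_fn reload) {
    uint32_t n = r->len;           /* the only fetch of len */
    if (n > cap) return -1;
    memcpy(out, r->data, n);       /* private copy taken before any use */
    if (reload) reload(r);         /* later changes no longer matter */
    return (int)n;
}

int main(void) {
    uint8_t out[REGION];           /* oversized on purpose, see above */
    struct record a = { 4, "ping" }, b = { 4, "ping" };
    printf("double read: %d bytes (cap 16)\n", recv_double_read(&a, out, 16, reload_changed));
    printf("snapshot:    %d bytes (cap 16)\n", recv_snapshot(&b, out, 16, reload_changed));
    return 0;
}
```

The double-read version reports 64 bytes against a stated capacity of 16, while the snapshot version returns the 4 bytes it validated.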

In addition to this vulnerability, the Project Zero researcher discovered a similar copy-on-write behavior bypass (CVE-2019-6208) in the macOS operating system by abusing a different function.

In November 2018, the researcher informed Apple of both vulnerabilities, and the company privately acknowledged their existence. While Apple patched the second flaw in its January 2019 update, the first flaw remains unpatched after Project Zero’s 90-day deadline.

Therefore, the researchers made the vulnerability public with a “high severity” label and released the proof-of-concept code that demonstrates the bug, which, at the time of writing, has not yet been patched.

Apple is currently collaborating with the Project Zero team on a fix for the vulnerability, which will be included in a future release of macOS.


The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.
