Google Project Zero reveals 'High Severity' flaw in macOS kernel, working with Apple on a patch

By Sameer Mitha | Updated 7 Mar 2019
  • Apple is working on a fix, but there is no information on when the patch will be available to Mac users.


  • Google’s Project Zero has revealed a flaw in macOS.
  • The flaw is called BuggyCow.
  • Apple is working with Project Zero on a fix for the bug.



Google’s Project Zero team has publicly disclosed a “high severity” flaw in the macOS kernel. Apple was made aware of the flaw back in November 2018. Project Zero follows a 90-day disclosure policy: once that window passes, it publicly reveals the security vulnerability even if the company (Apple in this case) hasn’t issued a fix for the problem. There are special cases where a grace period is allowed.

In the case of macOS, the flaw is called BuggyCow. According to 9to5 Google, “security researchers have discovered that if a modification is made to a user-owned mounted filesystem image, the virtual management system isn’t notified of those changes. Thus, an attacker can potentially be granted access to perform malicious actions on that mounted filesystem without the end user ever knowing about it until it’s too late.” On the other hand, Wired notes that for the vulnerability to be exploited, the victim needs to have some kind of malware present on his/her computer.


Apple has reportedly acknowledged the BuggyCow flaw and is working with Google's Project Zero on a fix. However, there is no timeline for when the fix will be made available to consumers.

Thomas Reed, a Mac-focused researcher at security firm Malwarebytes, told Wired, "They've (Apple) had a lot of very-high-profile security-related bugs and some have been really, really stupid. It makes you wonder what’s going on with the QA process at Apple. Are they adequately testing? Lately, it seems like they’re not."


Apple’s iOS and Macs were affected by a FaceTime bug last month. The bug allowed users to initiate a group FaceTime call to eavesdrop. The bug was found by a 14-year-old who wanted to chat with his friends while playing Fortnite.
