Google Project Zero reveals 'High Severity' flaw in macOS kernel, working with Apple on a patch

By Sameer Mitha | Published on Mar 07 2019
HIGHLIGHTS

Apple is working on a fix, but there is no information on when the patch will be available to Mac users.


Highlights:

  • Google’s Project Zero has revealed a flaw in macOS.
  • The flaw is called BuggyCow.
  • Apple is working with Project Zero on a fix for the bug.

 

Google’s Project Zero team has publicly disclosed a “high severity” flaw in the macOS kernel. Apple was made aware of the flaw back in November 2018. Project Zero has a 90-day disclosure policy: even if the company (Apple in this case) hasn’t issued a fix for the problem, Project Zero will publicly reveal the security vulnerability. There are special cases where a grace period is allowed.

In the case of macOS, the flaw is called BuggyCow. According to 9to5Google, “security researchers have discovered that if a modification is made to a user-owned mounted filesystem image, the virtual management system isn’t notified of those changes. Thus, an attacker can potentially be granted access to perform malicious actions on that mounted filesystem without the end user ever knowing about it until it’s too late.” On the other hand, Wired notes that for the vulnerability to be exploited, the victim needs to have some kind of malware present on his/her computer.

Apple has reportedly acknowledged the BuggyCow flaw and is working with Google's Project Zero on a fix. However, there is no timeline for when the fix will be made available to consumers.

Thomas Reed, a Mac-focussed researcher at security firm Malwarebytes, told Wired, "They've (Apple) had a lot of very-high-profile security-related bugs and some have been really, really stupid. It makes you wonder what’s going on with the QA process at Apple. Are they adequately testing? Lately, it seems like they’re not."

Apple’s iOS devices and Macs were affected by a FaceTime bug last month. The bug allowed users to initiate a group FaceTime call to eavesdrop. The bug was found by a 14-year-old who wanted to chat with his friends while playing Fortnite.
