Google’s Project Zero team has apparently disclosed a serious flaw in the macOS kernel. Google’s security engineers discovered the flaw in November of last year and reported it to Apple. After Cupertino failed to patch the issue within 90 days, Google has now made the flaw public.
A bug in macOS’ XNU kernel allows attackers to make changes to a mounted filesystem without the user or the filesystem actually being aware of the changes, reports Neowin. Google has provided a technical explanation behind the flaw; in essence, the issue originates from the kernel’s copy-on-write behavior, which allows the attacker to make changes to the mounted filesystem without the virtual memory management subsystem being notified.
Although Google has marked the issue as high-severity, the company still disclosed the flaw publicly after Apple failed to provide a fix in time. “We’ve been in contact with Apple regarding this issue, and at this point no fix is available. Apple are intending to resolve this issue in a future release, and we’re working together to assess the options for a patch. We’ll update this issue tracker entry once we have more details,” a Google engineer said.
This isn’t the first time Google has disclosed a serious bug publicly, and there have been many other controversies over the years about similar incidents.
It’s still unclear exactly how the flaw could impact end-users, and it seems like you would need deep access to the macOS kernel to actually exploit the bug. I could be wrong, however. If you think you may be impacted by the problem, I suggest looking at the technical explanation behind the flaw.