Google Reveals ‘High Severity’ Flaw in macOS After Apple Fails to Patch

Posted on March 4, 2019 by Mehedi Hassan in Apple, Google, Mac and macOS with 17 Comments

Google’s Project Zero team has apparently disclosed a serious flaw in the macOS kernel. Google’s security engineers first discovered the flaw back in November of last year, reporting it to Apple. And after Cupertino failed to patch the issue within 90 days, the company has now made the flaw public.

A bug in macOS’ XNU kernel allows attackers to make changes to a mounted filesystem without the user or the filesystem actually being aware of the changes, reports Neowin. Google has provided a technical explanation behind the flaw — but in essence, the issue originates from the kernel’s copy-on-write behavior that allows the attacker to make changes to the mounted filesystem without the virtual management subsystem being notified.

Although Google has marked the issue as high-severity, the company still disclosed the flaw publicly after Apple failed to provide a fix in time. “We’ve been in contact with Apple regarding this issue, and at this point no fix is available. Apple are intending to resolve this issue in a future release, and we’re working together to assess the options for a patch. We’ll update this issue tracker entry once we have more details,” a Google engineer said.

This isn’t the first time the company has disclosed a serious bug publicly, and there’s been a lot of other controversies over the years about similar incidents.

It’s still unclear exactly how the flaw could impact end-users, and it seems like you would need deep access to the macOS kernel to actually exploit the bug. I could be wrong, however. If you think you may be impacted by the problem, I suggest looking at the technical explanation behind the flaw.

Tagged with , , ,

Elevate the Conversation!

Join Thurrott Premium to enjoy our Premium comments.

Premium member comments on news posts will feature an elevated status that increases their visibility. This tab would allow you to participate in Premium comments with other premium members. Register to join the other Premium members in elevating the conversation!

Register or Subscribe

Join the discussion!


Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate