
MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,971
17,347



Google's Project Zero team in November found a "high severity" macOS kernel flaw that was recently disclosed (via Neowin) following the expiration of a 90-day disclosure deadline.

As explained by Google, the flaw allows an attacker to modify a user-owned mounted filesystem image without informing the virtual management subsystem of the changes, meaning a hacker can tweak a file system image without user knowledge.

"This copy-on-write behavior works not only with anonymous memory, but also with file mappings. This means that, after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem.

"This means that if an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug. MacOS permits normal users to mount filesystem images. When a mounted filesystem image is mutated directly (e.g. by calling pwrite() on the filesystem image), this information is not propagated into the mounted filesystem."

According to Google, Apple has not yet fixed this issue. Apple is planning to implement a fix in an upcoming software update, however.

"We've been in contact with Apple regarding this issue, and at this point no fix is available. Apple are intending to resolve this issue in a future release, and we're working together to assess the options for a patch. We'll update this issue tracker entry once we have more details."

Google released the details on the bug without a fix from Apple because of its Project Zero policies. After discovering a security flaw, Project Zero provides details to the company that makes the software, providing them with 90 days to fix it before disclosure.

Google then publicly shares details on security flaws when a bug is fixed or when the 90-day deadline expires. Apple was informed of the bug in November, and the 90-day period elapsed without a fix.

Mac users should, as always, be wary of the files they're downloading to avoid attacks like this, making sure to download files only from trusted sites. It's not known if this is a bug that's easy to exploit, but Google has marked it as severe because it has the potential to bypass macOS safeguards.

Article Link: Google Shares Details on Unpatched 'High Severity' macOS Kernel Flaw
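
The mapping behavior described in the Google text quoted above, as an added example that is not part of the article or of Project Zero's report: it uses only ordinary POSIX calls on a scratch file (no mounted image, no second process) to show that untouched pages of a copy-on-write file mapping stay backed by the file, and that a consumer which copies the bytes once and validates the copy is not affected by later changes. The function name, scratch path and fill bytes are constructed for illustration.

```c
/* Added illustration, not Project Zero's proof of concept.
 * Scratch path, names and fill bytes are constructed for this demo. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define LEN 4096

/* Returns -1 on error, otherwise a bitmask:
 *   bit 0: the private mapping showed data written to the file afterwards
 *          (POSIX leaves this unspecified; unified page caches usually do)
 *   bit 1: the heap snapshot still holds the bytes that were first read */
int private_mapping_demo(void)
{
    char path[] = "/tmp/cow_demo_XXXXXX";
    char buf[LEN];
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                       /* file vanishes when fd is closed */

    memset(buf, 'A', LEN);
    if (pwrite(fd, buf, LEN, 0) != LEN) { close(fd); return -1; }

    /* Copy-on-write view: pages never written through the mapping are
     * still supplied by the backing file, not by a private copy. */
    char *view = mmap(NULL, LEN, PROT_READ, MAP_PRIVATE, fd, 0);
    char *snap = malloc(LEN);
    if (view == MAP_FAILED || snap == NULL) { close(fd); return -1; }
    memcpy(snap, view, LEN);            /* mitigation: copy once, use the copy */

    memset(buf, 'B', LEN);              /* backing file changes afterwards */
    if (pwrite(fd, buf, LEN, 0) != LEN) { close(fd); return -1; }

    int result = 0;
    if (((volatile char *)view)[0] == 'B') result |= 1;
    if (snap[0] == 'A' && snap[LEN - 1] == 'A') result |= 2;
    munmap(view, LEN);
    free(snap);
    close(fd);
    return result;
}

int main(void)
{
    int r = private_mapping_demo();
    if (r < 0) { puts("setup failed"); return 1; }
    printf("mapping followed file: %d, snapshot stable: %d\n", r & 1, (r >> 1) & 1);
    return 0;
}
```

Here the kernel knows about the write, so a mapping that follows the file is expected behavior; the flaw in the article is the case where the change reaches the backing store without the memory subsystem being told.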
 

JosephAW

macrumors 601
May 14, 2012
4,252
5,129
How does this affect previous MacOS versions? Still running El Capitan because of hardware limitations and compatibility options and 32 bit app support for iOS. Didn't read which Kernels are affected.
 

GrumpyMom

macrumors G4
Sep 11, 2014
10,274
15,201
A teenager and Google trying to make Macs more secure :eek: and Apple's reported response to them looks like "talk to the hand". :confused:

What are they doing over in the spaceship? I'm not even remotely technically literate so I'm genuinely curious: is this a sign of internal mismanagement or nothing really of consequence but makes an interesting headline?
 

nate13

macrumors 6502
Feb 16, 2004
315
192
Fargo, ND
I think the likelihood of being exposed to this vulnerability is quite low (assuming they need physical possession of your hardware, to start). What brought me to the forum was to say, I'm glad for news like this. Not that vulnerabilities aren't bad, but because knowing there are teams identifying and resolving these issues is making a secure future for everyone. Sure, there are people who can flame Apple for not fixing sooner (I'm sure there are legitimate reasons, not some dude saying "nah, not today Google"), but that we have a culture that is pushing security is encouraging.

I'd be interested to know how many negative commenters are knowledgeable in low level kernel/ file system architecture to even reproduce the vulnerability, let alone patch it to an installed base of millions of users. It's so easy to critique things you don't understand.
 

nate13

macrumors 6502
Feb 16, 2004
315
192
Fargo, ND
A teenager and Google trying to make Macs more secure :eek: and Apple's reported response to them looks like "talk to the hand". :confused:

What are they doing over in the spaceship? I'm not even remotely technically literate so I'm genuinely curious: is this a sign of internal mismanagement or nothing really of consequence but makes an interesting headline?
Interesting headline. Low level security vulnerabilities can have huge implications on the software that runs above them (in this case, everything). If this was a breach that was able to be executed remotely and in a distributed manner, it would be patched immediately.
 

GrumpyMom

macrumors G4
Sep 11, 2014
10,274
15,201
That's it. Time to switch back to Windows.
I can't tell if you're joking or serious but I can see some people reading this news and thinking that. Which is why I asked my question in the post before yours.

With Windows a user's PC is going to get hammered all the time with security threats both commonplace to catch all the technically illiterate unaware and very complex to catch out heavily secured systems.

How vulnerable are most Mac users really? How easily are the two most recently uncovered exploits implemented? Dramatic news stories are all well and good but how likely is a suburban soccer mom like me to be harmed by this?
 

SecuritySteve

macrumors demi-god
Jul 6, 2017
917
1,025
California
A teenager and Google trying to make Macs more secure :eek: and Apple's reported response to them looks like "talk to the hand". :confused:

What are they doing over in the spaceship? I'm not even remotely technically literate so I'm genuinely curious: is this a sign of internal mismanagement or nothing really of consequence but makes an interesting headline?
This kind of stuff happens all the time. Apple is probably working on a fix, or already has a fix in the beta that we just don't know about because CVE details have not been released. Apple fixes vulnerabilities in every single macOS update. Check https://support.apple.com/en-us/HT201222 for details.
 

arkitect

macrumors 603
Sep 5, 2005
5,962
5,838
Bath, United Kingdom
A teenager and Google trying to make Macs more secure :eek: and Apple's reported response to them looks like "talk to the hand". :confused:

What are they doing over in the spaceship? I'm not even remotely technically literate so I'm genuinely curious: is this a sign of internal mismanagement or nothing really of consequence but makes an interesting headline?
By the looks of it, running around in circles…
 

axantas

macrumors 6502a
Jun 29, 2015
716
954
Home
A teenager and Google trying to make Macs more secure :eek: and Apple's reported response to them looks like "talk to the hand". :confused:

What are they doing over in the spaceship? I'm not even remotely technically literate so I'm genuinely curious: is this a sign of internal mismanagement or nothing really of consequence but makes an interesting headline?


As an owner of the famous crashing Apple TrashCan (known as MacPro 2013) I have a quite critical look at Apple. However - they are not stupid. They generally know very well what they are doing (...besides creating new gorgeously colored watchbands). I still kind of trust Apple. NOT acting the appropriate way could be devastating. And I think (in the shareholders sense...) Apple will take the right steps.
 

Kabeyun

macrumors 68040
Mar 27, 2004
3,167
5,969
Eastern USA
At this point I have to believe personal computer malware problems come from user foolishness installing something they shouldn’t’ve. No one is out there furiously trying to hack into your desktop. Watch where you visit, what you download, and what you open. Anyone who doesn’t know this by now probably needs an infection as a teaching point.

Out of curiosity, has Google's Project Zero disclosed unpatched issues in Google's own software? I've heard of a few directed at Apple products, but none directed at Google's own products...
But Android’s perfect and Apple is poo poo. Don’t you read MR forums??
 

StellarVixen

macrumors 68020
Mar 1, 2018
2,459
3,991
Earth
A teenager and Google trying to make Macs more secure :eek: and Apple's reported response to them looks like "talk to the hand". :confused:

What are they doing over in the spaceship? I'm not even remotely technically literate so I'm genuinely curious: is this a sign of internal mismanagement or nothing really of consequence but makes an interesting headline?
Nothing. This is not a priority, as there is a low chance of exploitation by someone who has no physical access to your device.


It needs to be patched, but it is not “red alert”.


It is not the bug that concerns me, it is how Apple treats issues. They can be quiet for months.
 

rforno

macrumors member
Oct 18, 2017
98
86
Courage, people. I'm sure the forthcoming fix will also make OSX even thinner and more beautiful than ever, too.

But srsly, I agree - on a lot of reported security stuff Apple's corporate ego seems to get the better of them.
 

Darmok N Jalad

macrumors 68040
Sep 26, 2017
3,881
22,278
Tanagra (not really)
Google has done the same to Windows in the past. It’s all good and fine, but it’s just an arbitrary deadline, one that I don’t believe Google enforces on itself. Android’s severe fragmentation (multiple Android versions and various degrees of OEM support) makes it very hard to police in the same way that Google polices MS and Apple. Sure, they may have fixed an Android exploit, but that fix will only land on the handful of devices that get an actual security update.
 