I don't want to sift through hundreds of my own Slashdot posts to find these again, but - when this question came up a couple years ago (another time when Apple took longer than 90 days to fix an exploit), I found several cases where what you state is not true. Project Zero seems to treat severe Google bugs differently than those of other vendors.

As I recall, with one of the bugs Project Zero withheld it for more than a year - only releasing the information after Google had finally patched it.
You don't need to sift through dated info. They recently disclosed an unpatched bug from Nov 2018. They disclosed in Feb 2019. https://bugs.chromium.org/p/project...strict Reported Vendor Product Finder Summary
There have been other disclosures as well which can be easily found with a cursory google search. Relying on years old info really doesn't paint an accurate picture of what's going on today.
 
Way to not understand what's going on and get the usual first post Mac dig for likes.

I know exactly what is going on.

You can assume whatever you want. I have notifications enabled for MacRumors, that’s why I catch up with news early.

I wrote this comment out of concern for a platform which I have used and loved since 10.5, and would like to continue doing so, because I cannot imagine myself using anything else. But you are free to believe about me whatever you want.
 
This means that if an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug. MacOS permits normal users to mount filesystem images. When a mounted filesystem image is mutated directly (e.g. by calling pwrite() on the filesystem image), this information is not propagated into the mounted filesystem.

Hmmm. So you have a disc image file - like, say, those so frequent Flash installer updates. But let's say it has something important on it. You mount the image to work with it. Some secure application is using the mounted image as if it were physical media. It sets up RAM to file mapping. Unbeknownst to you, you have some user mode malware that is watching. At a critical time, the malware directly modifies the disc image file and manipulates the system to cause a reload from the "drive".

I'd say this is a rather broad vulnerability, but with only niche uses. The same malware could have modified the image before it was even in use. The only extra vulnerability is temporal access to the internals of the secure application.
 
No one is out there furiously trying to hack into your desktop.

As someone who manages servers, I can tell you that's not true. Cybercriminals will hijack anything to do their bidding. Massive botnets of infected PCs are the stuff of nightmares for any sysadmin. New waves of attacks spawn as quickly as you can put down the previous wave.

Watch where you visit

That's not enough. You can very easily get snookered into downloading the wrong software through a deceptively designed banner ad that's showing on a legitimate software download site. You can also get tricked into visiting a shady site through browser hijacking banner ads, which have been known to run on MacRumors from time to time before they're caught.

You can click a link to a site that vanished, but had their domain re-registered by a criminal ring in some Eastern Bloc country to redirect you somewhere to trick you into downloading fake Adobe Flash updates or a tainted Java package.

The "just don't do anything stupid defense" that is commonly passed around MR is a good start, but it isn't much of a defense.
 
I can tell you what’s going on...

Timmy is watching upcoming shows and couldn’t find the time to respond.

Ive is still redecorating his office and can't decide if the curtain should have a golden glow or not.

Phil is busy with his crew of filmmakers for the next 'shot on iPhone' ad.

Eddy is trying to find the new Bambi for his third remake of carpool karaoke.

You probably don't watch any Bambi movies Timmy is warning you about :D

If you hate Apple so much why are you still here? It's kinda like despising your wife and complaining about her all the time. Divorce her already.
 
I'm divorcing, you know. But it's like divorcing your wife: it takes time and it's expensive :D
 
May explain why this bug still isn't fixed after 3 months.

Every development team has to prioritize. They don't just drop everything they're doing and start different threads of work on a whim unless it's some truly nasty stuff that will lead to catastrophe.

Also, software development is hard. It's very hard. Every fix runs the risk of opening up new holes so that's another reason why things aren't always addressed as a daily fire drill.
 
Every software project I've been on, if there's a critical bug or issue we re-prioritize accordingly and get it fixed ASAP. We don't let it linger around.
 
Sounds more like frustration, instead of hate.
Yes, being a devoted Apple user since 1989 and I’ve been going through many transitions. Believe me, since 2012 it’s going downhill with my experience with Apple.

And indeed, it’s so bad that I’ve ordered for a divorce. But after investing years, it’s not something that can be done easily. It’s not only hardware but software investment as well.

In a certain way it's cheaper and easier to divorce your wife than to divorce Apple.

But I’m working on it :D
 
Not that I have any idea what Apple's collective codebase looks like nor do I have any idea how sophisticated of a programmer you are, but I think it's safe to bet that anything you or I would be working on looks like a rowboat next to a luxury cruise liner in comparison to what they're dealing with.

Perhaps it's unforgivable they let it go. Or maybe they couldn't move on it until a dependency fell in place. I have no idea so I'm not going to speculate.
 
Agree 100%. Anyone who watches tcpdump on their router's WAN interface will pretty quickly lose the illusion that they are not under attack every moment of every day.
 
Windows XP and prior were a nightmare for viruses and malware. I worked as a PC tech for years and we earned a lot of money removing viruses.

Personally, I haven’t gotten a single virus or malware since getting a windows 7 laptop 9 years ago. Nothing.

I have a Win 7 and Win 10 desktop still (HTPC) and have never gotten anything on either. Really hard to get a virus unless you are careless or open suspicious emails these days. I've never run any anti-virus software either.

Just thought I’d mention as I think the myth of Windows PCs being easily infected needs to stop.
 
Any bets on if Apple fixes this within 90 days?

They already missed the 90 day window, and that is why this info was released publicly.

The premise of your bet needs to be clarified - or most likely you just didn’t catch that part of the article I’m guessing.

Edit: (just like how I missed other post ahead of mine responding already to your post about this 90 days thing). Sorry bout that.
 
I agree broadly, but you've quoted me selectively. I never said just "watch where you visit". I said watch where you visit, watch what you download, watch what you open. You chose to reply to part of that as though it were the whole thing.

And yes, I maintain that there isn't some army of evildoers out there trying to get into your computer by blindly hacking into it. Your answer is not a contradiction to this assertion. Yes, people will hijack anything, but it happens because the user installed something they should not have, allowing their PC to be compromised. No one is hacking into my computer without my first having installed something that will let them. This vulnerability Google reported is just scare tactics.
 
Out of curiosity, has Google's Project Zero disclosed unpatched issues in Google's own software? I've heard of a few directed at Apple products, but none directed at Google's own products...
This is exactly my point. And they bury any unfavorable information in their search results.
The short answer is yes they do disclose on Google. The longer answer is yes they do. The most recent disclosed vulnerability comes from Nov 2018 https://bugs.chromium.org/p/project-zero/issues/detail?id=1718&q=android&colspec=ID Status Restrict Reported Vendor Product Finder Summary

I think the issue you're experiencing is not a matter of disclosure, but a matter of notoriety. Disclosure is simply making the details of the exploit known. Notoriety comes from some blogger or news site picking up the disclosure and publicizing it. Patched or not, they disclose and news sites sometimes pick up the info. Just not Apple-centric news sites... which is why you may not have heard of the disclosures.
Another forum member posted a question in an earlier article similar to yours.
So, where are the articles posted on the news?
 
I can't tell if you're joking.
/s means sarcasm.
The disk images you download usually contain checksums which allow them to have their integrity verified before being mounted. Malware could probably get around that, but it wouldn't be as easy as just modifying the disk image and letting it mount. By modifying the image AFTER it's mounted, it's able to bypass the integrity check. This is, I believe, what they're talking about.
 
Interesting headline. Low level security vulnerabilities can have huge implications on the software that runs above them (in this case, everything). If this was a breach that was able to be executed remotely and in a distributed manner, it would be patched immediately.

Yeah, this almost isn't exploitable, if I understand the bug correctly:
  • User mounts a filesystem backed by a dmg file.
  • Attacker with write permission on the dmg file modifies it.
  • Attacker uses a huge amount of RAM so that the in-memory copies of the data from the DMG get pushed out.
  • Kernel reads in modified DMG from disk when asked to read blocks from disk.
And in particular, the only definitive impact is when:
  • User runs app that sends Mach messages to another app using out-of-band data backed by a file on a DMG.
  • Attacker with write permission on the dmg file modifies the DMG.
  • Attacker uses a huge amount of RAM so that the in-memory copies of the data from the DMG get pushed out.
  • Kernel reads in modified DMG from disk when asked to provide the contents of that Mach message.
The only realistic exploits I can think of are things like:
  • Tricking the kernel into reloading a code page from an app running from a DMG after modifying it (very hard to exploit) while the app is running (to get around Gatekeeper)
  • Modifying or intercepting Mach messages in flight by mounting a DMG over top of /var/tmp (requires root) or some other location where apps are likely to store this sort of data.
And if you can do the latter, you can probably just use a modified kernel to do the same thing.

I'm really curious why this is considered high severity. At a glance, I would have called it a nuisance-level security bug.
This is actually about modifying things that are temporarily stored on a DMG by modifying the underlying volume. If this were about modifying a DMG to avoid integrity checks, an attacker could just disable the checksum or substitute another volume with a valid checksum. Those checksums are to prevent corruption, not modification. Code signatures, on the other hand....
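The stale-cache mechanism discussed in the posts above, modelled as an added Python example (not code from this thread or from the Project Zero report): a toy "mounted image" serves blocks from a cache over a backing file, a write goes to the image file directly rather than through the mount, and only a re-read after eviction observes it. The `backing_unchanged()` check is an assumed defender-side mitigation: it compares the image file's hash with the one recorded at mount time, which is what a checksum computed only at mount cannot do. Class and function names are assumptions.

```python
import hashlib
import os
import tempfile

BLOCK = 16  # toy block size (constructed; a real page is 4 KiB)

class MountedImage:
    """Toy model of a filesystem mounted from an image file, with a block
    cache: cached blocks never see writes made directly to the backing file."""

    def __init__(self, path):
        self.path, self.cache = path, {}
        # Hash of the backing file at mount time, used to detect later
        # modification of the image file that bypassed the mount.
        self.mount_hash = self._backing_hash()

    def _backing_hash(self):
        with open(self.path, "rb") as f:
            return hashlib.sha256(f.read()).hexdigest()

    def read_block(self, n):
        if n not in self.cache:  # only a cache miss reads the file on disk
            with open(self.path, "rb") as f:
                f.seek(n * BLOCK)
                self.cache[n] = f.read(BLOCK)
        return self.cache[n]

    def evict_all(self):
        self.cache.clear()  # stand-in for memory pressure evicting the cache

    def backing_unchanged(self):
        return self._backing_hash() == self.mount_hash  # defender-side check

def demo():
    """Constructed scenario; returns (first read, cached read, re-read, check)."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".img") as f:
        f.write(b"A" * BLOCK + b"B" * BLOCK)  # two-block image (constructed)
        path = f.name
    try:
        img = MountedImage(path)
        first = img.read_block(1)
        with open(path, "r+b") as f:  # write to the image file itself, not
            f.seek(BLOCK)             # through the mounted filesystem
            f.write(b"X" * BLOCK)
        cached = img.read_block(1)    # cache still holds the old block
        img.evict_all()
        reread = img.read_block(1)    # the re-read now returns modified data
        return first, cached, reread, img.backing_unchanged()
    finally:
        os.unlink(path)
```

The two reads of block 1 disagree once the cache is gone, and the hash check flags the image file as modified since mount even though nothing went through the mounted filesystem.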
 