Team Google’s Project Zero has released information about the “extremely dangerous” vulnerability in the kernel of the operating system Apple macOS, which in some cases can show “up during recording” (Copy-On-Write, COW).
The problem with the Apple implementation of the mechanism of copy-on-write, used to optimize many processes in the OS, such as, for example, working with the RAM or file on disk. The experts found that in the case of modification of the mounted file system image of the virtual subsystem does not know about changes. As a result, the attacker can perform malicious actions without the knowledge of the mounted file system.
“The process copy-on-write works not only on “anonymous” memory, but the display of files. This means that an attacker can modify the disk file, without informing the file system — this behavior is the vulnerability. macOS allows users to mount the filesystem images. If a file system is modified directly (e.g. using the functions pwrite ()), this information is not transmitted to the mounted file system,” the researchers write.
Experts have informed Apple about the vulnerability in November 2018, but the company has not corrected the problem. Because the 90 days allotted to resolve the issue, has expired, the Google Project Zero team released details about the bug, and published PoC-code for its operation.
Read more •••