Google’s bug-zapping Project Zero team has uncovered what it said was a “high-severity” flaw in the macOS kernel, Wired reported on Monday, and revealed the details on March 1 following the expiration of a 90-day period for Apple to patch the exploit.
The vulnerability, known as BuggyCow, allows attackers to bypass the protection built into macOS’s copy-on-write (CoW) system, which manages system memory. Essentially, the bug allows the modification of a user-owned mounted filesystem image without any warning to the virtual management subsystem that something is amiss, something that Rendition Infosec founder Jake Williams told Wired was like airline passengers carefully watching airport security rifle through their luggage, but not bothering to check the contents again once they reached their destination. This creates all sorts of vulnerabilities, Project Zero wrote:
XNU has numerous interfaces that permit creating copy-on-write copies of data between processes, including out-of-line message descriptors in mach messages. It is important that the copied memory is protected against later modifications by the source process; otherwise, the source process might be able to exploit double-reads in the destination process.
This copy-on-write behavior works not only with anonymous memory, but also with file mappings. This means that, after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem. This means that if an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug.
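The double-read hazard named in the quoted text above, as an added C example that is not from the article or from the researchers: a receiver that checks one read of shared memory and uses a second, beside a version that fetches once into private storage. The region, the reload model and every name here are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PAYLOAD 16u   /* bound the receiver enforces (constructed value) */

/* Constructed stand-in for memory received from another process. */
static struct { uint32_t len; uint8_t payload[64]; } region;
static uint32_t len_after_reload;  /* content that appears after the reload */
static int reload_pending;

/* Set the value seen on the first read and the value seen after a "reload". */
static void setup(uint32_t first, uint32_t later) {
    memset(&region, 0x41, sizeof region);
    region.len = first;
    len_after_reload = later;
    reload_pending = 1;
}

/* Every read of the shared length goes through here. After the first read the
 * model "evicts and reloads" the page, so later reads see the new content. */
static uint32_t read_shared_len(void) {
    uint32_t v = region.len;
    if (reload_pending) { region.len = len_after_reload; reload_pending = 0; }
    return v;
}

/* Flawed: checks one read, uses another. dst must hold 64 bytes in this demo
 * so the bypassed bound is observable without corrupting memory. */
static long recv_double_read(uint8_t *dst) {
    if (read_shared_len() > MAX_PAYLOAD) return -1;   /* read 1: check */
    uint32_t n = read_shared_len();                   /* read 2: use   */
    memcpy(dst, region.payload, n);
    return (long)n;
}

/* Hardened: fetch once into a private variable, validate and use that copy. */
static long recv_single_fetch(uint8_t *dst) {
    uint32_t n = read_shared_len();
    if (n > MAX_PAYLOAD) return -1;
    memcpy(dst, region.payload, n);
    return (long)n;
}

int main(void) {
    uint8_t dst[64];
    setup(8, 60); printf("double read copies %ld bytes\n", recv_double_read(dst));
    setup(8, 60); printf("single fetch copies %ld bytes\n", recv_single_fetch(dst));
    return 0;
}
```

The single-fetch pattern protects the receiver only for data it has already copied into private memory; it does not replace the kernel guarantee that transferred pages stay unchanged.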