Google helps locate XNU macOS kernel security flaw

Sometimes your competitor can help find a critical weakness.

Google’s security arm, known as “Project Zero,” has located a macOS kernel flaw that it has rated as “high security.”

The kernel, which functions as the core of an operating system and has complete control over tasks such as input/output from software, memory, computer accessories, and more. XNU is the name of the kernel and is used with all of Apple’s operating systems.

The flaw, as it stands, allows a hacker to make changes to a file without informing the operating system. The exploit takes advantage of the operating system’s copy-on-write (COW) subsystem, which allows processes to write data between each other. This is intended to be protected, although the flaw works around this protection.

The exploit works both with anonymous memory, as well as file mappings. Once this function is complete, the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem.

Project Zero found the flaw back in November 2018. The team contacted Apple but no fix has been released yet.

Stay tuned for additional details as they become available.

Via The Mac Observer and AppleInsider