Updated:05:10 AM EDT May 22


Google reveals "high severity" flaw in macOS kernel - TechAmok (a ggmania.com subsite)

Google reveals "high severity" flaw in macOS kernel - [security]
11:17 AM EST - Mar,03 2019 - post a comment

A security researcher from Google's Project Zero has pointed out that although macOS' kernel, XNU, allows copy-on-write (COW) behavior in some cases, it is essential that any copied memory cannot be modified from the source process. COW is a resource-management technique that is not inherently flawed, but it appears that Apple's implementation of it certainly is.

Project Zero has found that if a user-owned mounted filesystem image is modified, the virtual management subsystem is not informed of the changes, which means that an attacker can potentially take malicious actions without the mounted filesystem knowing about it. The detailed explanation can be found below:

This copy-on-write behavior works not only with anonymous memory, but also with file mappings. This means that, after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem.

This means that if an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug. MacOS permits normal users to mount filesystem images. When a mounted filesystem image is mutated directly (e.g. by calling pwrite() on the filesystem image), this information is not propagated into the mounted filesystem.

The researcher informed Apple about the flaw back in November 2018, but the company has yet to fix it even though the 90-day deadline has passed, which is why the bug is now being made public with a "high severity" label. That said, Apple has accepted the problem and is working with Project Zero on a patch for a future macOS release. You can also view the proof-of-concept code that demonstrates the problem on the dedicated webpage here.
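
The property the quoted explanation builds on, as an added example (not Project Zero's proof-of-concept and not code from this article): a page of a copy-on-write file mapping that a process has only read stays backed by the file, so its contents are only as stable as the file, while a page the process has written becomes a private copy. The scratch file path and the names `cow_result`, `fill` and `cow_file_mapping_demo` are assumptions made for the example, and the value seen in the untouched page is Linux behaviour (POSIX leaves it unspecified).

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* First byte of each page as seen through the mapping, plus the file itself. */
struct cow_result { char initial, untouched, written, file_page1; };

/* Fill both pages of the scratch file with byte c via pwrite(). */
static int fill(int fd, char *buf, long ps, char c)
{
    memset(buf, c, (size_t)(2 * ps));
    return pwrite(fd, buf, (size_t)(2 * ps), 0) == 2 * ps ? 0 : -1;
}

/* Map a two-page file MAP_PRIVATE, write only to page 1 (forcing a private
 * copy), then change the whole file behind the mapping. Returns 0 on success. */
int cow_file_mapping_demo(struct cow_result *out)
{
    long ps = sysconf(_SC_PAGESIZE);
    char path[] = "/tmp/cow_demo_XXXXXX";   /* constructed scratch file */
    int fd = mkstemp(path);
    char *buf = malloc((size_t)(2 * ps));
    if (fd < 0 || !buf) return -1;
    unlink(path);
    if (fill(fd, buf, ps, 'A') != 0) return -1;

    char *m = mmap(NULL, (size_t)(2 * ps), PROT_READ | PROT_WRITE,
                   MAP_PRIVATE, fd, 0);
    if (m == MAP_FAILED) return -1;
    out->initial = m[0];    /* page 0: read only, still file-backed */
    m[ps] = 'P';            /* page 1: write fault creates a private copy */

    if (fill(fd, buf, ps, 'B') != 0) return -1;  /* file changes after mapping */

    out->untouched = m[0];  /* follows the file (Linux behaviour) */
    out->written = m[ps];   /* private copy keeps the process's own byte */
    if (pread(fd, &out->file_page1, 1, ps) != 1) return -1; /* 'P' never hit the file */

    munmap(m, (size_t)(2 * ps));
    free(buf);
    close(fd);
    return 0;
}

int main(void)
{
    struct cow_result r;
    if (cow_file_mapping_demo(&r) != 0) { perror("cow demo"); return 1; }
    printf("initial=%c untouched=%c written=%c file=%c\n",
           r.initial, r.untouched, r.written, r.file_page1);
    return 0;
}
```

Code that needs a stable snapshot of file-backed data has to copy it into anonymous memory rather than rely on a private mapping.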
