Updated:06:44 AM EDT Jul 17


this is ggmania.com subsite Google reveals "high severity" flaw in macOS kernel - TechAmok

TOP STORIES

HEADLINES

Ryzen 9 3900X & Ryzen 7 3700X Review
3-Second Video Of A Cat Jumping Over A Gate
Emily Ratajkowski Dancing GIF
Fast & Furious Presents: Hobbs & Shaw - Final Trailer
Intel to Cut Prices of its Desktop Processors by 15%
Succubus Trailer
DXR Tech Demo
Terminator: Dark Fate - Official Teaser Trailer (2019)
How to Download the Windows 10 1903 ISO from Microsoft
20mm vs Aluminium Blocks
71-Year-Old Arnold Schwarzenegger Is Barely Fazed By Running Drop
NVIDIA's earnings in Q1 FY20 down by 31% compared to Q1 FY19
Inexplicable Rubik's Cube Magic Trick!
GOG.com is offering the first Witcher game for free
Google debuts 'next-generation' Assistant
How Viagra Made Pfizer Billions Before Generics
Tesla Will Release Fully Self-driving Cars in 2019
Catch-22 Trailer (Official)

Elon Musk's Neuralink Says Itís Ready for Brain Surgery
Nokia 2.2 Offers Small-Notch Design for $140
Apple's 2019 MacBook Air is significantly slower than last one
NVIDIA Won't Launch GeForce RTX 2080 Ti Super
3 FROM HELL Official Trailer (2019) Rob Zombies, Horror Movie
HyperX Announces First Wireless Headset Under $100
DOOM: Annihilation is set to arrive at the start of October
The King's Man - Official Teaser Trailer
Snapdragon 855 Plus Brings More Power to Gaming Phones
ASUS Begins Enabling Limited PCIe Gen 4.0
Why It's Nearly Impossible To Return A Serve Going 160 MPH
AMD Retires the Radeon VII Less Than Five Months Into Launch
Age of Wonders III is free on Steam
Hulu now supports 4K streaming on Apple TV and Chromecast Ultra
Snowball the cockatoo has 14 distinct dance moves
Feasting Shark Swallowed Whole in Cruel Twist of Fate
Intel "Comet Lake" Not Before 2020, "Ice Lake-S" Not Before
Qualcomm, T-Mobile Successfully Test First Full-Featured 5G Modem

Google reveals "high severity" flaw in macOS kernel - [security]
11:17 AM EST - Mar,03 2019 - post a comment

A security researcher from Google's Project Zero has discovered that even though macOS' kernel, XNU, allows copy-on-write (COW) behavior in some cases, it is essential that any copied memory is not available for modifications from the source process. While COW is a resource-management technique that is not inherently flawed, it appears that Apple's implementation of it certainly is.

Project Zero has found out that if a user-owned mounted filesystem image is modified, the virtual management subsystem is not informed of the changes, which means that an attacker can potentially take malicious actions without the mounted filesystem knowing about it. The detailed explanation can be found below:

This copy-on-write behavior works not only with anonymous memory, but also with file mappings. This means that, after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem.

This means that if an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug. MacOS permits normal users to mount filesystem images. When a mounted filesystem image is mutated directly (e.g. by calling pwrite() on the filesystem image), this information is not propagated into the mounted filesystem.
The researcher informed Apple about the flaw back in November 2018, but the company is yet to fix it even after exceeding the 90-day deadline, which is why the bug is now being made public with a "high severity" label. That said, Apple has accepted the problem and is working with Project Zero on a patch for a future macOS release. You can also view the proof-of-concept code that demonstrates the problem on the dedicated webpage here.

Short overview of recent news articles

Jul,11 2019 Sprint Launches 5G in Chicago
Jul,10 2019 25 million Android devices get infected
Jul,10 2019 Intel 10th Generation Core "Comet Lake" Lineup Detailed
Jul,09 2019 NVIDIA GeForce 431.36 WHQL driver
Jul,09 2019 Stromboli Volcano Erupted Caught On Camera From A Sailboat
Jul,09 2019 Qualcomm Raises the Floor for Entry-Level Android Phones With
Jul,09 2019 Microsoft is injecting ads to install apps into Android
Jul,07 2019 AMD Radeon Software Adrenalin 2019 Edition 19.7.1 driver
Jul,07 2019 Ryzen 9 3900X & Ryzen 7 3700X Review
Jul,06 2019 3-Second Video Of A Cat Jumping Over A Gate
Jul,06 2019 Card Trick Wizard Sets The Record For Fastest Unsolvable Trick
Jul,06 2019 AMD to Cut RX 5700-series Prices at Launch
Jul,05 2019 AOC Unveils Two New Agon Gaming Monitors with 240Hz / 0.5ms
Jul,04 2019 NVIDIA's next-generation GPUs coming out in 2020
Jul,04 2019 Apple Uses AR To Fix Your Eyes During FaceTime in iOS 13
Jul,04 2019 Emily Ratajkowski Dancing GIF
Jul,03 2019 Cyberpunk 2077's Fictional Band Samurai
Jul,03 2019 Outlook for iOS gets support for shared mailboxes
Jul,03 2019 Samsung has reportedly fixed the protective film on the Galaxy Fold
Jul,02 2019 Paris Hilton Talk Cars
Jul,02 2019 Fast & Furious Presents: Hobbs & Shaw - Final Trailer
Jul,02 2019 Microsoft Teases All-New Windows 1.0
Jul,02 2019 NVIDIA announces the GeForce RTX 2060/2070/2080 SUPER GPUs
Jul,01 2019 TechPowerUp GPU-Z 2.22.0 Released
Jul,01 2019 Firefox for Android Gaining Ad Tracking Protection
>> News Archive <<

TechAmok - Privacy Policy        loading time:0secs