Google announced a serious vulnerability in the macOS kernel
Google's Project Zero security team recently discovered a "very dangerous" security hole in Apple's MacOS operating system kernel. This vulnerability is located in macOS XNU (kernel) kernel, if it successfully exploits it, malicious hackers or programs can manipulate the file system without informing the operating system.
Specifically, an attacker can take advantage of this vulnerability to bypass the copy-on-write (COW) function and cause unexpected changes in memory to be shared between processes, causing the memory to be disturbed. mix.
If any process requires a file or data already in memory but another process has already been created, instead of creating a new copy, both processes may share the same resource to help reduce resource consumption.
However, the copy-on-write (COW) function will work and make a copy of it in memory if the source process requires access to the data to make some changes in the data.
Copy-on-write (COW) behavior on Apple's macOS operating system not only works with anonymous memory but also effectively handles page tables and memory mappings. Taking advantage of this vulnerability, malicious programs or attackers can change files stored on disk without informing the memory management system. From there, they can deceive processes to download malicious content into memory.
Project Zero security researchers have reported this error to Apple in November 2018. However, so far, this error has not been processed by Apple. Currently, Apple is shaking hands with the Project Zero team to be able to release a patch for this vulnerability in the next macOS release.
You should read it
- IBM developed a new technology to patch security holes
- Find security holes on every site with Nikto
- Detecting a serious security vulnerability on macOS, this 18-year-old youth refused to disclose it because Apple did not pay the bonus
- Mac computers stuck with a dangerous security vulnerability, Apple was announced in February but has not yet resolved
- HP publishes a series of critical vulnerabilities in the Teradici PCoIP protocol
- Microsoft introduced a tool to fix security holes in IE 9 and 10
- How to fix BlueKeep security error for Windows 2003, Windows XP, Windows 7, Windows Server 2008
- 5 common errors in managing security vulnerabilities
- 6 enterprise security holes to note
- How to scan websites for potential security vulnerabilities with Vega on Kali Linux
- Warning: The number of vulnerabilities in open source software are increasing rapidly
- Microsoft discovered a critical vulnerability on macOS
Maybe you are interested
The world's 'stupid' bird, at the moment of life and death it 'loses its memory'
Nvidia launches RTX 4070 version with 'super fast' GDDR6 memory
Nvidia is developing a line of AI GPUs with 144GB HBM3E memory
3 Ways to free up Google Drive space, increase memory
Samsung begins mass production of 'most advanced' 12nm DDR5 memory chips
Samsung's HBM3E memory failed the evaluation test set by NVIDIA