Google announced a serious vulnerability in the macOS kernel
Google's Project Zero security team recently discovered a "very dangerous" security hole in Apple's MacOS operating system kernel. This vulnerability is located in macOS XNU (kernel) kernel, if it successfully exploits it, malicious hackers or programs can manipulate the file system without informing the operating system.
Specifically, an attacker can take advantage of this vulnerability to bypass the copy-on-write (COW) function and cause unexpected changes in memory to be shared between processes, causing the memory to be disturbed. mix.
If any process requires a file or data already in memory but another process has already been created, instead of creating a new copy, both processes may share the same resource to help reduce resource consumption.
However, the copy-on-write (COW) function will work and make a copy of it in memory if the source process requires access to the data to make some changes in the data.
Copy-on-write (COW) behavior on Apple's macOS operating system not only works with anonymous memory but also effectively handles page tables and memory mappings. Taking advantage of this vulnerability, malicious programs or attackers can change files stored on disk without informing the memory management system. From there, they can deceive processes to download malicious content into memory.
Project Zero security researchers have reported this error to Apple in November 2018. However, so far, this error has not been processed by Apple. Currently, Apple is shaking hands with the Project Zero team to be able to release a patch for this vulnerability in the next macOS release.
You should read it
- Detecting a serious security vulnerability on macOS, this 18-year-old youth refused to disclose it because Apple did not pay the bonus
- Mac computers stuck with a dangerous security vulnerability, Apple was announced in February but has not yet resolved
- HP publishes a series of critical vulnerabilities in the Teradici PCoIP protocol
- Microsoft introduced a tool to fix security holes in IE 9 and 10
- How to fix BlueKeep security error for Windows 2003, Windows XP, Windows 7, Windows Server 2008
- 5 common errors in managing security vulnerabilities
- 6 enterprise security holes to note
- How to scan websites for potential security vulnerabilities with Vega on Kali Linux
May be interested
- Apple patched many zero-day bugs in iOS 15.4.1 and macOS 12.3.1 updatesapple has simultaneously released new versions of their software to update features, fix bugs and patch security holes.
- Linux Kernel 5.16 officially released with great features for gamersthe linux kernel just got its big update of the year - and if you're a gamer, this one is really cool!
- Microsoft discovered a critical vulnerability on macOSmicrosoft has just discovered a critical vulnerability in apple's macos. a new vulnerability called shrootless on macos discovered by microsoft is very serious.
- Browsers using Chromium kernel are not affected when Google disables ad blocking utilitiessome browsers will not be affected by google api for chromium kernel.
- The vulnerability on macOS 10.13 allows access to the Mac with any passwordanyone can access the settings on the app store of the macos high sierra without the right password, and another serious vulnerability.
- Linux kernel vulnerability exposes Stack memory, causing local data leakthe way the researcher tells an international has just disclosed information about a relatively serious vulnerability that exists in the linux kernel, which can be exploited to leak data and act as a bridge. effective coupling for deeper penetration into victim systems.
- Vulnerability on macOS helps hackers easily overcome security barriersthe interface of macos allows converting key presses into mouse operations. even when a user performs a double-click operation, macos will recognize that as the command to click the ok button.
- How to create a Custom Kernel on Ubuntubuilding the system's operating system kernel from scratch sounds scary. however, actually building linux kernel is easy. in the article below, tipsmake.com will guide you to create custom kernel on ubuntu.
- How to update or downgrade WSL kernel on Windows 11if the automatic update fails and you need to change the wsl version for any reason, you can do it manually with the command prompt.
- New privilege escalation vulnerability called 'Dirty Pipe' is threatening all Linux distrosrecently, security researcher max kellermann shared about a security flaw called 'dirty pipe'. it affects linux kernel 5.8 and above and even android devices.