Google announced a serious vulnerability in the macOS kernel

Google's Project Zero security team recently discovered a "very dangerous" security hole in Apple's MacOS operating system kernel. This vulnerability is located in macOS XNU (kernel) kernel, if it successfully exploits it, malicious hackers or programs can manipulate the file system without informing the operating system.

Specifically, an attacker can take advantage of this vulnerability to bypass the copy-on-write (COW) function and cause unexpected changes in memory to be shared between processes, causing the memory to be disturbed. mix.

If any process requires a file or data already in memory but another process has already been created, instead of creating a new copy, both processes may share the same resource to help reduce resource consumption.

Google announced a serious vulnerability in the macOS kernel Picture 1

However, the copy-on-write (COW) function will work and make a copy of it in memory if the source process requires access to the data to make some changes in the data.

Copy-on-write (COW) behavior on Apple's macOS operating system not only works with anonymous memory but also effectively handles page tables and memory mappings. Taking advantage of this vulnerability, malicious programs or attackers can change files stored on disk without informing the memory management system. From there, they can deceive processes to download malicious content into memory.

Project Zero security researchers have reported this error to Apple in November 2018. However, so far, this error has not been processed by Apple. Currently, Apple is shaking hands with the Project Zero team to be able to release a patch for this vulnerability in the next macOS release.