When it comes to cybersecurity, Apple’s devices have been praised for being among the best in the market; if not the best. However, an elite cybersecurity task force set up by Google – Project Zero – has discovered a flaw in the macOS desktop operating system they are terming “high-severity” vulnerability.
According to Project Zero, the zero-day vulnerability leaves such a gaping hole that an attacker could exploit the system without the victim ever noticing a thing. The said vulnerability stems from copy-on-write, a macOS process enabled by Apple’s XNU kernel, which works with anonymous memory and file mapping.
The memory being copied on a Mac computer is not sufficiently protected against modification thus the copy-on-write process can be easily exploited by attackers to copy malicious codes.
According to a blog post by the security researchers working for Project Zero, “This means that if an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug.”
Project Zero gave Apple 90-days period but nothing was done
The name Project Zero might be familiar to you, it is the same cybersecurity agency that first discovered …read more