Google’s Project Zero team is working to uncover the bugs in the operating system and today, they’ve discovered a severe bug in the MacOS kernel. The bug is said to be of the high-severity, which means it needs the immediate patch from the developer. On March 1, Google’s Project Zero team uncovered the bug after the expiration of the 90 days, in which Apple did not provide the patch for this bug. The bug is of severe intensity and allows the users to get easy access to system memory components.
According to the Project Zero Team from Google, the bug is named as BuggyCow. The Copy-On-Write system or CoW system is at the center in this case as the Kernel component allows the attacker to gain access to using shared memory without showing any warning. As the attacker has access to the user shared memory, he can quickly modify the user files without any issue. After exploiting this bug, modifying the user mounted filesystems is very easy for attackers. With this bug, an attacker can mutate the on-disk file without informing the Virtual Management Subsystem and issued no warning, and that’s a severe bug.
Google’s Policy is to keep the vulnerability secret from the public and share the same with developers so that they can release a patch for the bug. After the expiration of the 90-day period in which Apple was expected to release a bug fix, Google’s Project Zero team decided to release information about this bug publically. The 90-Day policy encourages the developers to issue immediate bug fix to the users and address the problem quickly. One developer from the Project Zero team said that the team is in contact with the Apple developers and they are working on the patch to get rid of this issue. This is not good news for Apple as recently they faced a disastrous FaceTime bug which allowed attackers to eavesdrop on others.
