Project Zero is a team of security analysts employed by Google whose job is to discover vulnerabilities and security faults, both in Google's own products and in those of other prominent companies. The team was announced on 15 July 2014.
A day or two ago, Google's Project Zero team disclosed a serious security flaw in the macOS kernel that could let an attacker who already has code running on the machine gain further access to a user's computer without the user's permission or knowledge.
If You Don't Know What A Kernel Is, Read The Paragraph Below
A kernel is the central and most important part of something. The macOS kernel (XNU) is the core program of the operating system: it has total control over everything in the system, including memory and access to files.
Project Zero has published the full details of the fault in Apple's macOS kernel. In short, Google's analysts found that if a user-owned, mounted filesystem image is modified directly, the kernel's virtual memory subsystem is not notified of those modifications. Because of this, an attacker on the machine can change data that another process believes is a stable, read-only copy, and perform malicious actions through the attached filesystem without the user knowing about them until it is too late.
Fortunately, Apple acknowledged the fault and began working with Google's Project Zero team on a fix. Apple plans to patch the issue in an upcoming macOS release, but there are no official details about that yet. Google also published a proof-of-concept on its bug tracker page, together with an in-depth description of the bug, which is quoted below.
“XNU has various interfaces that permit creating copy-on-write copies of data between processes, including out-of-line message descriptors in mach messages. It is important that the copied memory is protected against later modifications by the source process; otherwise, the source process might be able to exploit double-reads in the destination process.
This copy-on-write behavior works not only with anonymous memory but also with file mappings. This means that, after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem.
This means that if an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug. macOS permits normal users to mount filesystem images. When a mounted filesystem image is mutated directly (e.g. by calling pwrite() on the filesystem image), this information is not propagated into the mounted filesystem.”
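The disclosure quoted above rests on one idea: a copy-on-write view of file-backed memory is only a stable snapshot if the kernel knows about every change to the backing file. The C program below is an added example written for this article, not Project Zero's proof-of-concept and not Apple code, and it does not reproduce the macOS bug (it uses no disk image and triggers no page eviction). It shows the same double-read hazard in its simplest form on Linux: a receiver maps a file copy-on-write with MAP_PRIVATE, a writer then modifies the file with pwrite(), and the receiver's untouched view follows the file because both share the page cache. POSIX leaves this visibility unspecified, so the mapped byte is reported rather than relied on; the safe pattern, copying the data into anonymous memory the sender cannot reach, is shown beside it and is the only view the program treats as trustworthy. The scratch file path and the 'A'/'B' contents are constructed for the demo.

```c
/* Added example: copy-on-write file mappings are not a snapshot.
 * Not Project Zero's PoC; Linux/POSIX only (mmap, pwrite, pread). */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

struct cow_result {
    char mapped_before;  /* byte in the MAP_PRIVATE view before the file is modified */
    char mapped_after;   /* same byte, re-read after pwrite() changed the backing file */
    char copied_after;   /* byte in an anonymous copy taken before the modification */
    char file_after;     /* byte read straight from the file after the modification */
};

/* Build a one-page file of 'A's, map it copy-on-write, take a private copy,
 * then mutate the file behind the mapping's back. Returns 0 on success. */
int cow_demo(struct cow_result *r)
{
    char path[] = "/tmp/cowdemo-XXXXXX";   /* constructed scratch file; unlinked at once */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);

    long pagesz = sysconf(_SC_PAGESIZE);
    char *fill = malloc(pagesz);
    if (!fill) { close(fd); return -1; }
    memset(fill, 'A', pagesz);
    if (pwrite(fd, fill, pagesz, 0) != pagesz) { free(fill); close(fd); return -1; }
    free(fill);

    /* Receiver's view: a private, read-only (copy-on-write) mapping of the file.
     * Nothing has been written through the mapping, so no page has been copied yet. */
    char *view = mmap(NULL, pagesz, PROT_READ, MAP_PRIVATE, fd, 0);
    if (view == MAP_FAILED) { close(fd); return -1; }
    r->mapped_before = view[0];               /* faults the page in: 'A' */

    /* Safe pattern: copy into anonymous memory no other party can reach.
     * Every later check and use must go through this copy, never the mapping. */
    char *copy = malloc(pagesz);
    if (!copy) { munmap(view, pagesz); close(fd); return -1; }
    memcpy(copy, view, pagesz);

    /* "Source" side: modify the backing file directly, without touching the mapping.
     * On Linux the MAP_PRIVATE view shares the page cache page, so it changes too. */
    if (pwrite(fd, "B", 1, 0) != 1) { free(copy); munmap(view, pagesz); close(fd); return -1; }

    r->mapped_after = view[0];                /* 'B' on Linux; unspecified by POSIX */
    r->copied_after = copy[0];                /* always 'A': the copy is ours alone */
    if (pread(fd, &r->file_after, 1, 0) != 1) r->file_after = '?';

    free(copy);
    munmap(view, pagesz);
    close(fd);
    return 0;
}

int main(void)
{
    struct cow_result r;
    if (cow_demo(&r) != 0) { perror("cow_demo"); return 1; }
    printf("mapped view before write : %c\n", r.mapped_before);
    printf("mapped view after write  : %c  (file-backed COW view followed the file)\n", r.mapped_after);
    printf("anonymous copy after     : %c  (private copy is stable)\n", r.copied_after);
    printf("file contents after      : %c\n", r.file_after);
    return 0;
}
```

The lesson for a receiver of copy-on-write data is the one Project Zero draws: validate and use a copy you own, or make sure the kernel guarantees the shared pages cannot change underneath you. In the macOS bug the guarantee existed for ordinary files but was bypassed because writes to the mounted image's backing file never reached the VM layer, so a page that was evicted and reloaded came back with attacker-chosen contents.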