Google's Project Zero team has disclosed a “high severity” macOS kernel bug that lets an attacker change a user-owned mounted filesystem image without the macOS memory manager being made aware of it. Apple was informed of the bug on 30th November 2018 but has yet to release a patch for it, leaving macOS users exposed.
Under its disclosure policy, the Project Zero team works to a 90-day deadline: if a company has not fixed a bug within 90 days of being informed by Google, the team discloses the security flaw.
The team can allow additional time in select cases, but that has not happened with Apple in this instance. According to the Project Zero team, they discovered a loophole in the copy-on-write protection of macOS, which manages the computer's memory and ensures that a process does not change data shared with other processes. The team found that when a mounted filesystem image is changed directly, macOS fails to pass that information on to its memory manager. So, basically, the data behind a file system can be swapped for changed data and the system would be none the wiser.
Wired reports that the bug unveiled by Project Zero would be very difficult to exploit, and that exploiting it requires the prospective victim to already have some type of malware on the computer.
Apple has yet to comment publicly on the security bug, but it is reported to be working on a patch, which will arrive in a future release.
The researchers said in a statement, “We’ve been in contact with Apple regarding this issue, and at this point no fix is available. Apple is intending to resolve this issue in a future release, and we’re working together to assess the options for a patch.”