Jump to content

Search the Community

Showing results for tags 'kernel vulnerability'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 1 result

  1. Google Publicly Discloses macOS Kernel Vulnerability After discovering security vulnerabilities in several Microsoft products, including Windows 10 itself, the Google Project Zero team returns with a new public disclosure, this time affecting Apple’s macOS. Because as the security researchers working at Google discovered, a vulnerability in the macOS kernel allows an attacker to abuse the way filesystem images are mounted to make data changes. In the technical analysis of the vulnerability, the Google Project Zero team explains that the way the copy-on-write feature is implemented in macOS makes it possible for a user to make changes to a mounted file system image without the operating system to be aware of them. “If an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug. MacOS permits normal users to mount filesystem images. When a mounted filesystem image is mutated directly (e.g. by calling pwrite() on the filesystem image), this information is not propagated into the mounted filesystem,” the original advisory notes.Apple already working on a fixThe vulnerability was originally reported to Apple in November, and as per the Google Project Zero policy, the company was provided with a 90-day deadline for releasing a fix. Because Apple failed to provide a patch before the deadline was reached, Google publicly disclosed the vulnerability in late February. However, Apple has already acknowledged the security flaw, and it is currently working with the Project Zero team on addressing it. “We've been in contact with Apple regarding this issue, and at this point no fix is available. Apple are intending to resolve this issue in a future release, and we're working together to assess the options for a patch,” the Google security researchers explained. Specifics as to when Apple could release the fix aren’t obviously available just yet, and as with everything Apple, any specifics are unavailable right now. Source
×
×
  • Create New...