Google’s security research team, Project Zero, has released details about a “high-severity” flaw in Apple’s macOS operating system.
Dubbed ‘BuggyCow’, the vulnerability allowed anyone to modify a user-mounted file image without alerting the virtual management system. This essentially means cyber criminals could run code on the mounted file image without the user ever finding out.
“XNU has various interfaces that permit creating copy-on-write copies of data between processes, including out-of-line message descriptors in mach messages. It is important that the copied memory is protected against later modifications by the source process; otherwise, the source process might be able to exploit double-reads in the destination process,” Google’s Project Zero researchers explained in a forum post.
The researchers pointed out that copy-on-write (CoW) behaviour works with anonymous memory as well as file mappings. They further noted that “memory pressure can cause the pages holding the transferred memory to be evicted from the page cache after the destination process has started.”
“Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem. This means that if an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug,” the researchers added.
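As an added illustration (not Project Zero's code and not the exploit it describes), the C program below shows the general double-read hazard behind the quoted explanation: a MAP_PRIVATE file mapping is copy-on-write, so on Linux a page the reader has never written still reflects later changes to the backing file, and a length field that passed validation on one read can hold a different value on the next. The constructed one-byte-length file format, the MAX_LEN limit and the temporary path are assumptions; the real bug reached the same effect through the page-cache eviction path the quote describes, which this example does not reproduce.

```c
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define PAGE_BYTES 4096
#define MAX_LEN    63      /* assumed limit a consumer would enforce on the length field */

/* What the reads observed; -1 means the demo could not be set up. */
struct observation { int first, second, snapshot; };

/* Creates a constructed "message" file (byte 0 = payload length), maps it
 * copy-on-write, reads the length field, then mutates the file on disk the
 * way another process could, and reads the same field again through the map. */
struct observation observe_cow_mapping(void) {
    struct observation o = { -1, -1, -1 };
    char path[] = "/tmp/cow-demo-XXXXXX";        /* assumed scratch location */
    unsigned char page[PAGE_BYTES] = {0};
    unsigned char hdr, oversized = 200;          /* 200 > MAX_LEN: would fail validation */
    int fd = mkstemp(path);
    if (fd < 0) return o;
    unlink(path);                                /* file lives only while fd is open */
    page[0] = 8;                                 /* constructed, in-range length */
    if (write(fd, page, sizeof page) != (ssize_t)sizeof page) { close(fd); return o; }
    unsigned char *map = mmap(NULL, sizeof page, PROT_READ, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) { close(fd); return o; }

    o.first = map[0];                            /* read 1: passes the MAX_LEN check */
    hdr = map[0];                                /* defensive copy into private memory */
    /* The source mutates the backing file after the check has passed. */
    if (pwrite(fd, &oversized, 1, 0) != 1) { munmap(map, sizeof page); close(fd); return o; }
    o.second = map[0];                           /* read 2 through the CoW mapping */
    o.snapshot = hdr;                            /* the private copy is unaffected */
    munmap(map, sizeof page);
    close(fd);
    return o;
}

/* The rule the bug violated, stated as code: validate and consume the same
 * private copy; never re-read a field from copy-on-write memory. */
int length_is_valid(const struct observation *o) {
    return o->snapshot >= 0 && o->snapshot <= MAX_LEN;
}
```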
Google’s research team reportedly informed Apple about the vulnerability in November 2018. The team gave Apple 90 days to fix the loophole before making it public. According to 9to5Google, Apple will be releasing the fix in a future macOS update.