Google Project Zero Discloses “High Severity” macOS Kernel Flaw After Apple Doesn’t Fix It

Apple has a wee bit of a problem on its hands, as Google’s Project Zero has disclosed a kernel flaw that is very serious. Google went this route because Apple didn’t patch the flaw within Google’s 90-day window for such discoveries to be fixed. Or put another way, the flaw was reported in November, and the 90-day window expired without a fix. That looks bad on Apple, as a company that claims to take these sorts of issues seriously clearly didn’t take this one seriously.

But over to the flaw. The flaw allows an attacker to modify a user-owned mounted filesystem image without informing the virtual management subsystem of the changes, meaning a hacker can tweak a filesystem image without the user’s knowledge. That of course is very bad. Apple claims that it will fix the issue. But one wonders why it takes public disclosure for Apple to fix this. Tim Cook and company have some explaining to do, especially given their recent track record of epic bugs.

One Response to “Google Project Zero Discloses “High Severity” macOS Kernel Flaw After Apple Doesn’t Fix It”

  1. […] that Apple asked me to make. Because after all, Google just did that to get Apple’s attention when Google’s Project Zero group uncovered a serious exploit in macOS last November and were forced to go public with it when Apple couldn’t or wouldn’t fix it within […]
