Apple has a wee bit of a problem on its hands as Google’s Project Zero has disclosed kernel flaw that is very serious. Google went this route as Apple didn’t patch the flaw within Google 90 day window for such discoveries to be fixed. Or put another way, the flaw was reported in November, and the 90 day window expired without a fix. That looks bad on Apple as for a company who claims to take these sorts of issues seriously clearly didn’t take this issue seriously.
But over to the flaw. The flaw allows an attacker to modify a user-owned mounted filesystem image without informing the virtual management subsystem of the changes, meaning a hacker can tweak a file system image without user knowledge. That of course is very bad. Apple claims that it will fix the issue. But one wonders why it takes the public disclosure for Apple to fix this? Tim Cook and company have some explaining to do. Especially given their recent track record of epic bugs.