Google Shares Details about a New macOS Vulnerability
On Friday, March 1, 2019, Google’s Project Zero announced that it had discovered a “high severity” vulnerability in Apple’s macOS operating system. The Project Zero team constantly works to find vulnerabilities in software and code from other companies and developers. When Project Zero does identify a weakness, it notifies the coder or developer behind the software. The developer then has a 90-day window to fix the issue before Project Zero announces the vulnerability to the world. In other words, Apple has known about this issue for a while and has yet to introduce a fix.
The vulnerability, known as “BuggyCow,” could enable a hacker to escalate privileges and bypass security protections on a user’s Mac computer. Project Zero’s hackers found the bug in the copy-on-write (COW, hence the name “BuggyCow”) part of Apple’s macOS code. The vulnerability essentially introduces a privilege escalation opportunity in the way that macOS manages a user’s computer memory.
Certain programs store data on the hard drive rather than in memory and access it from there. This method of handling data can be more efficient and can reduce the strain on computer resources when running a program. The issue is that multiple programs or processes are often using this data at once. If one process attempts to alter the data in any way, the computer’s memory manager springs into action, initiating a copy-on-write protection that requires the process in question to make a brand-new copy of the data. This protection prevents one process from changing data that is being used by other processes—including processes with higher privileges.
It’s with the copy-on-write safeguard that the BuggyCow vulnerability comes into play. There is a loophole in macOS right now that lets programs mount file systems on the hard drive—collections of multiple files—without the memory manager or copy-on-write protection noticing. The safeguards work as they should if the program is mounting a single file, but not a whole file system. Hackers could potentially use this loophole to change the data in a file system without making a new copy—thus forcing all processes using that data to access the new data. Through this method, a hacker could escalate privileges and gain access to more sensitive processes on the machine.
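To make the safeguard described in the two paragraphs above concrete, here is an added example (not from the article or from Project Zero’s report) showing the normal copy-on-write behaviour of a POSIX private file mapping: one mapping writes, and neither a second mapping nor the file on disk sees the change. The function name and the temporary file are the example’s own.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Returns 1 if the copy-on-write safeguard behaved as expected:
 * a write through a MAP_PRIVATE mapping must not be visible to
 * another mapping of the same file or to the file on disk. */
int cow_private_mapping_isolates_writes(void) {
    char path[] = "/tmp/cow_demo_XXXXXX";      /* constructed temp file */
    const char original[] = "original data";   /* 14 bytes incl. NUL */
    int fd = mkstemp(path);
    if (fd < 0) return 0;
    if (write(fd, original, sizeof original) != (ssize_t)sizeof original) {
        close(fd); unlink(path); return 0;
    }

    /* Two processes sharing file-backed memory are modelled here by two
     * private mappings of the same file within one process. */
    char *writer = mmap(NULL, sizeof original, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE, fd, 0);
    char *reader = mmap(NULL, sizeof original, PROT_READ, MAP_PRIVATE, fd, 0);
    if (writer == MAP_FAILED || reader == MAP_FAILED) {
        if (writer != MAP_FAILED) munmap(writer, sizeof original);
        if (reader != MAP_FAILED) munmap(reader, sizeof original);
        close(fd); unlink(path); return 0;
    }

    /* The first write faults and the memory manager gives the writer its
     * own copy of the page; the shared page cache copy stays untouched. */
    memcpy(writer, "modified data", sizeof original);

    int reader_unchanged = memcmp(reader, original, sizeof original) == 0;

    char on_disk[sizeof original];
    int disk_unchanged =
        pread(fd, on_disk, sizeof original, 0) == (ssize_t)sizeof original &&
        memcmp(on_disk, original, sizeof original) == 0;

    munmap(writer, sizeof original);
    munmap(reader, sizeof original);
    close(fd);
    unlink(path);
    return reader_unchanged && disk_unchanged;
}
```

The BuggyCow issue is precisely a case where this isolation fails: the backing data changes underneath the mappings without the memory manager giving each user its own copy.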
Just how severe is this issue? Certainly, privilege escalation is nothing to shrug off, in any situation. However, a good deal of technical skill is required to execute this type of hack, which means it is unlikely to become a massive problem for the average Mac user. Apple also says it is working with Project Zero on a fix, so a patch should be on the way in the not-too-distant future.