
High-Severity Bypass Vulnerability in macOS XNU Kernel Still Unpatched

macOS has been found to contain a high-severity security vulnerability that was recently disclosed to the public. Apparently, Apple failed to address the issue within the 90-day deadline, and Jann Horn, a researcher at Google Project Zero, released the information to the public along with proof-of-concept code.



The vulnerability, which resides in the macOS XNU kernel, is described as a “copy-on-write behavior bypass via mount of user-owned filesystem image”.

High-Severity Bypass Vulnerability in macOS

According to the official advisory, “XNU has various interfaces that permit creating copy-on-write copies of data between processes, including out-of-line message descriptors in mach messages. It is important that the copied memory is protected against later modifications by the source process; otherwise, the source process might be able to exploit double-reads in the destination process”.

The copy-on-write behavior works with both anonymous memory and file mappings, which means that memory pressure can cause the pages holding the transferred memory to be evicted from the page cache after the destination process has started.

Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem, the advisory says. This means that if an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug.

In other words, the vulnerability could allow an attacker or a malicious program to bypass the copy-on-write functionality to cause unexpected changes in the memory shared between processes, which eventually leads to memory corruption attacks.


In addition, a malicious program or user can make changes to evicted pages stored on the disk without informing the virtual management subsystem. This would trick the destination processes into loading malicious content into memory.

That is why it is crucial that the copied memory is protected against later modification by the source process. In case of no protection, the source process might be able to exploit double-reads in the destination process, the Project Zero researcher explained.
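The double-read risk on the destination side can be shown with a small C sketch. This is an added example, not code from the advisory or its proof-of-concept; the message layout, the `mutate_fn` hook (which stands in for the source changing the backing data) and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_PAYLOAD 16u  /* receiver's policy limit (constructed value) */

/* Constructed message layout in memory the sender can still influence. */
struct msg { uint32_t len; uint8_t data[64]; };

/* Hypothetical hook: stands in for the source changing the backing data
 * between two reads by the receiver. */
typedef void (*mutate_fn)(volatile struct msg *);

/* Double-read pattern: validates len, then reads it again for the copy.
 * Returns bytes copied, or -1 if rejected. out must hold 64 bytes here. */
long recv_double_read(volatile struct msg *m, uint8_t *out, mutate_fn race) {
    if (m->len > MAX_PAYLOAD) return -1;        /* read 1: check */
    if (race) race(m);                          /* source changes memory */
    uint32_t n = m->len;                        /* read 2: use */
    if (n > sizeof m->data) n = sizeof m->data; /* keeps the demo in bounds */
    for (uint32_t i = 0; i < n; i++) out[i] = m->data[i];
    return (long)n;                             /* may exceed MAX_PAYLOAD */
}

/* Hardened pattern: read len once into private memory, then validate and
 * use only that private value. */
long recv_snapshot(volatile struct msg *m, uint8_t *out, mutate_fn race) {
    uint32_t n = m->len;                        /* single read */
    if (n > MAX_PAYLOAD) return -1;
    if (race) race(m);                          /* later changes are ignored */
    for (uint32_t i = 0; i < n; i++) out[i] = m->data[i];
    return (long)n;
}

/* Constructed mutation: raise len past the limit after the check. */
void grow_len(volatile struct msg *m) { m->len = 32; }
```

The same rule applies to the payload bytes: a receiver should validate content only after copying it into memory the sender cannot reach.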

This bypass is not the only vulnerability discovered by Jann Horn. The researcher also unearthed a similar copy-on-write behavior bypass, which is assigned the number CVE-2019-6208. This vulnerability exploits another macOS function.
Horn got in touch with Apple to notify the company about the discovered issues in November last year.

Apple acknowledged the findings privately. It should be noted that Apple patched CVE-2019-6208 in an update released in January. However, the first severe bypass remains unpatched, thus the researcher made it public after the 90-day deadline.

Apple is currently working on a patch together with Google Project Zero.

Milena Dimitrova
