Google. The American company has a team of engineers specialized in computer security, who analyze various products and operating systems to discover their security problems. The Google team has the name Project Zero, discovering over time a lot of security problems for iOS and macOS, and now she discovered something that should worry a lot of Apple customers around the world.
Google. The discovered security problem is so serious that a hacker could access a user's Mac remotely, without him knowing what is happening in the macOS operating system. It seems that if a hacker manages to modify a system image of macOS, the protection measures implemented by Apple do not detect the changes, and thus unrestricted access to macOS would be obtained, at least according to Google company engineers.
Google Discovers a CRITICAL PROBLEM with Apple Macs
Google. Having administrator access to the operating system, hackers can behave exactly like the owner of the computer, making any kind of changes, and being able to extract any kind of information from them, without the user knowing. Google disclosed this security issue to Apple engineers in November 2018, but three months have passed since then, and it has not been resolved, so it was decided to publish it, although it is one with a very high degree of risk.
XNU has various interfaces that allow creating copy-on-write copies of data between processes, including out-of-line message descriptors in mach messages. It is important that the copied memory is protected against later modifications by the source process; otherwise, the source process might be able to exploit double-reads in the destination process. This means that if an attacker can move an on-disk file without informing the virtual management subsystem, this is a security bug. MacOS allows normal users to mount filesystem images. When a mounted filesystem image is mutated directly (eg by calling pwrite() on the filesystem image), this information is not propagated into the mounted filesystem.
Google. Apple is working with engineers from Mountain View to solve this very serious security problem, but it is not known when they intend to release the update that will bring things back to normal. Why did Apple wait so long to solve a critical security problem that Google made public at this moment, it's hard to say, but it's good to know that you are vulnerable to hackers, and Apple is not do anything to protect yourself.
