Google has identified a serious vulnerability in the macOS kernel, the patch for 3 months has not been released
12.07.2019 Francis Patterson 0 Comments
Team Google Project Zero, specializing in information security issues, revealed a vulnerability in the macOS kernel, which was assigned a high level of danger. It allows you to modify the mounted image of the file system, while the virtual subsystem will not receive information about the changes made. In theory, this allows attackers to go unnoticed by the user.
Experts at Google Project Zero notified Apple of this vulnerability in November 2018. Apple is working on fixing the error, but has not yet released the appropriate update. Despite this, Google decided to publish the vulnerability information based on its own disclosure policy. It provides that information about security vulnerabilities is published after 90 days, regardless of the degree of readiness of the patches. However, sometimes Google offers an additional 14-day period, if companies do not have time to prepare and release an update.
It is not quite clear how this vulnerability can be used in real conditions. Google and Apple did not comment on the situation. However, users of devices with macOS should be careful when visiting sites and downloading files.