Researchers at Google found they were able to make changes to a mounted filesystem without the user or filesystem being aware. To do so, they made use of an issue with MacOS’ copy-on-write protection. For the unfamiliar, copy-on-write defines how a device manages memory. For efficiency reasons, some programs store data on a user’s hard drive rather than keeping it in memory, called the pagefile in Windows. Naturally, there have to be protections alongside this, and it seems Apple has overlooked mounted file systems. Fortunately, this flaw isn’t an easy one to execute.
Patch Incoming
According to Wired, a victim would already need to be infected with malware for this to work. That malware would have to make use of an existing highly privileged program that writes data to the hard drive rather than memory. It’s likely Google has such a program in mind, and at the time of writing there’s no fix for this flaw. However, Google reveals that Apple is working with its researchers to craft a patch. “We’ve been in contact with Apple regarding this issue, and at this point no fix is available,” wrote a Google engineer last week. “Apple are intending to resolve this issue in a future release, and we’re working together to assess the options for a patch. We’ll update this issue tracker entry once we have more details.” Previously, Google Project Zero has published a number of major flaws. It’s found several high severity issues in Windows 10 and Microsoft Edge. Though some disagree with the early disclosures, others believe they’re necessary to force companies to act.