
‘BuggyCow’ Is Yet Another MacOS Flaw With Serious Security Implications


Google's Project Zero discovered a bug in how MacOS handles memory back in November, but Apple has yet to develop a patch.


Apple is once again in the news for something they’re certainly not happy about: another coding bug has been found in the MacOS operating system, this time allowing hackers to change the data used by a computer’s most privileged code.

As this piece from Wired explains, the BuggyCow trick (named after the loophole hackers found in the OS’s copy-on-write or CoW protection) “takes advantage of the fact that when a program mounts a new file system on a hard drive – basically loading a whole collection of files rather than altering just one – the memory manager isn't warned. So a hacker can unmount a file system, remount it with new data, and in doing so silently replace the information that some sensitive, highly privileged code is using.”

Google’s Project Zero researchers discovered the glitch back in November and gave the company a 90-day window to create a patch, as is their standard protocol before unveiling any bug to the public.

Unfortunately for Apple, though, that window came and went without any action being taken to find a solution, as the Wired article reveals.

Although pulling off this trick would take an extremely high level of technical skill, not to mention a rather specific set of conditions, it’s still being considered a flaw of high severity.

And if we’ve learned anything from pieces like this one I wrote recently on open source vulnerabilities, we know it’s only a matter of time until hackers find a way to exploit this now well-known flaw.

To take a look at Project Zero’s proof-of-concept code, check out this forum post.
