Published in PC Hardware

Google researchers find new flaws in Mac programming

by on08 March 2019

BuggyCow eats
Mac operating system

Google's bug-hunting researchers known as Project Zero have revealed a fresh zero-day vulnerability in macOS called "BuggyCow".

The attack takes advantage of some weird coding in Apple’s protection of the machine’s memory. This creates a privilege escalation which allows a hacker greater access to the far more trusted parts of the Mac.

The "BuggyCow" moniker is based on a loophole the hackers found in the so-called copy-on-write, or CoW, protection built into how MacOS manages a computer's memory.

Some programs, when dealing with large quantities of data, use an efficiency trick that leaves data on a computer's hard drive rather than potentially clog up resources by pulling it into memory.

That data, like any data in a computer's memory, can sometimes be used by multiple processes at once. The MacOS memory manager keeps a map of its physical location to help coordinate, but if one of those processes tries to change the data, the memory manager's copy-on-write safeguard requires it to make a copy.

This should have prevented the program branch simply changing the data shared by other processes.

Google's BuggyCow trick, however, takes advantage of the fact that when a program mounts a new file system on a hard drive -- loading a whole collection of files rather than altering just one -- the memory manager isn't warned. Apple didn't think that was a good idea because such a concept exists without faith in Apple or the ghost of Steve Jobs and without faith, it is nothing.

So a hacker can unmount a file system, remount it with new data, and in doing so silently replace the information that some sensitive, highly privileged code is using.

BuggyCow applies to anyone with an Apple laptop or desktop. The tame Apple press has done its best to claim that such a hack is far too advanced for any mortal to try. Apple users can rest easy in the knowledge that their Coldplay collections are safe from evil Russian hackers.

A hacker would need a victim to have already some form of malware running on their computer, one news site said. Everyone knows that there is no way that any malware can get into a super safe, super secure Mac.

While BuggyCow would allow that malware to potentially mess with the inner workings of higher-privileged parts of the computer, it could do so only if it found a highly privileged program that kept its sensitive data on the hard drive rather than memory.

Project Zero warned Apple about BuggyCow back in November, but Apple hadn't acted to patch it after all such a patch would lead to an existential crisis for many Mac users.

Last modified on 08 March 2019
Rate this item
(0 votes)

Read more about: