Google Project Zero reveals 'high severity' macOS vulnerability that Apple has failed to patch

Google's Project Zero has gone public about a 'high severity' flaw in the macOS kernel after Apple failed to patch it 90 days after being told about the problem. A security researcher discovered a problem in XNU that means it is possible to perform malicious activities. The security bug related to copy-on-write (COW) behavior, enabling an attacker to manipulate filesystem images without the operating system being notified. Apple was informed of the vulnerability back in November, but has failed to release a patch. Writing about the vulnerability on the Chromium bug tracker -- highlighted by Neowin -- the security researcher… [Continue Reading]