SoylentNews is people

posted by Fnord666 on Wednesday March 06 2019, @02:20PM
from the cow-a-buggy-dude dept.

Submitted via IRC for SoyCow1984

Hack Brief: Google Reveals 'BuggyCow,' a Rare MacOS Zero-Day Vulnerability

When Google's team of ninja bug-hunting researchers known as Project Zero finds a hackable flaw in somebody else's code, they give the company responsible 90 days to fix it before going public with their findings—patched or not. So like clockwork, 94 days after Google alerted Apple to a bug in its MacOS operating system that could allow malware to inject data into the most privileged code running on its computers, Mountain View's hackers are revealing that fresh zero-day vulnerability to the world.

On Friday, Google's Project Zero researchers quietly published a forum post outlining a previously unknown vulnerability in MacOS, which they call BuggyCow, in a piece of proof-of-concept demonstration code. The attack takes advantage of an obscure oversight in Apple's protections on its machines' memory to enable so-called privilege escalation, allowing a piece of malware with limited privileges to, in some cases, pierce into deeper, far more trusted parts of a victim's Mac.

[...] BuggyCow continues Project Zero's practice of publicly dropping serious, unpatched security vulnerabilities in the code of major tech firms, from Apple and Facebook to Microsoft, a habit that has earned it occasional criticism from the security industry. But the group's strict 90-day deadline, Google has argued, is intended as a powerful motivator for other companies to patch their flaws quickly—an important factor given that Project Zero isn't always the only group of hackers who discover a vulnerability.

In fact, Project Zero notes that it first warned Apple about its BuggyCow flaw back in November and that the company hadn't acted to patch it ahead of last week's public reveal. Apple didn't respond to a request for comment.


  • (Score: 1, Funny) by Anonymous Coward on Wednesday March 06 2019, @10:31PM (#810890)

    You're a mac user, nobody expects you to be able to do anything besides breathe via your mouth only.
