The Project Zero team at Google said they have come across a flaw in Apple’s macOS which they described as being of considerable severity. Google explained that the flaw is labeled high severity because it can grant anyone access to a user’s computer without the owner having an inkling of it.
The flaw, though, is fairly advanced, which means only those with considerable expertise in the macOS platform are capable of making anything of it. Delving into the issue further, Google said the fault lies in the way changes made to a mounted filesystem image owned by the user do not get reflected in the virtual management system right away.
This way, any hacker can claim ownership of the mounted filesystem and get away with a nefarious act, with the owner getting to know of it pretty late, probably well beyond the time to react and prevent such an attack. It is for precisely this reason that Google chose to term it an issue of high severity.
The Project Zero team shot off a warning to Apple right away, informing them of the grave danger that the flaw posed to Mac device owners. In fact, the flaw was detected back in November 2018 and is now being brought to public notice after the expiry of the 90-day period that Google allows the manufacturer to shore up their act (read: issue a security patch).
Also, while it can be considered quite irresponsible on the part of Apple to have been sitting on it for the past three months, the company has since promised it is working with Google to patch the flaw at the earliest. The iPhone maker said the patch would be part of the next macOS update but has declined to provide any realistic timeline for when it will be made available.
As for Project Zero, it is a team of top-notch security experts backed by Google and tasked with finding bugs and vulnerabilities that can impair an operating system. Besides Google’s own platforms, the team also deals with other popular OSs such as macOS, iOS and Windows 10, and informs the manufacturer if it comes across any flaw. There is a 90-day window for companies to patch the bug, after which it is brought into the public domain, as happened in this case.