Apple has been held in high regard as a company that has always been focused on the security of its product offerings; however, a new kernel flaw was recently found within the company’s MacOS desktop operating system. The latest news comes just months after a critical security flaw was shown to bypass MacOS Mojave’s system security and a massive flaw allowed eavesdropping via Apple’s FaceTime videotelephony software. This time around, the problem is at the heart of MacOS — the XNU kernel.
XNU is the operating system kernel for MacOS that has been in use as far back as the mid-1990s — a kernel is the core computer program that allows for software to communicate with a device’s hardware. The most recent flaw was discovered by the Project Zero team at Google, which aims to identify deficiencies in consumer software. According to Google, they were able to take advantage of the kernel’s copy-on-write function; this allowed the team to modify data on a disk without the entire system being aware of the change.
When a flaw is discovered, Project Zero follows a procedure where it first presents an issue to the company responsible for the software, with a set deadline before the information is released to the general public. Project Zero made Apple aware of the flaw in November 2018; however, as of February 28th, Apple has yet to patch the issue. Ben Hawkes of Project Zero does note that Apple is “intending to resolve the issue in a future release, and we’re working together to assess the options for a patch.”
Google’s Project Zero is a team of industry recognized security professionals, including Jann Horn, the researcher who was critical to the discovery of both the Meltdown and Spectre vulnerabilities affecting both Intel and ARM-based processors. In regards to Apple’s problem with the MacOS XNU kernel, the team at Google has introduced a concept code solution for the challenge. The kernel of an operating system is central to all processes, and it is possible that Apple is approaching the issue with great tact, albeit a bit slow for its users. For the utmost security, be sure to always keep your copy of MacOS up to date.