Google discovers a security flaw in macOS Google’s Project Zero research team has discovered what it describes as a “high severity” security flaw in the macOS operating system. After Apple failed to patch the vulnerability within 90 days of being informed, Project Zero
made the details public. The flaw, which is known as BuggyCow, allows an attacker to bypass the protection built into macOS’s copy-on-write (CoW) system, which manages device memory. The attacker could then surreptitiously modify a mounted disk image and get the Mac to run malicious code without triggering any warnings. “We’ve been in contact with Apple
regarding this issue, and at this point no fix is available,” said a Project Zero developer. “Apple is intending to resolve this issue in a future release, and we’re working together to assess the options for a patch.” Technically, BuggyCow applies to
anyone who uses an Apple laptop or desktop computer, but because the exploit is relatively obscure and requires the victim’s Mac to already be infected with malware, there’s no major cause for panic.