Google has a high security program open that analyzes security flaws in operating systems, known as Project Zero. In the last hours it has communicated a failure of "High severity" that directly affects the macOS kernel and that could cause an attacker to make changes to a file inadvertently on macOS.
In this way, infected files can be installed and allowed access to hackers to perform malicious activities, without macOS detecting it, being able to abuse the system and by extension of the user himself. Apple will be working immediately to correct this bug.
The Project Zero team, made up of Google security researchers, discovered that if we make a modification to the image of a file system on the user's files, the virtual administration you do not receive notification of such changes. In this way, an attacker can be granted access to perform malicious actions without the user even knowing it, he can no longer do anything to fix it.
Apparently Google reported the ruling in November 2018, but since Apple has not fixed the problem with a patch in the last 90 days, it has decided to make it public. Finally Apple has recognized the problem and is working to fix the problem. In fact he is working together with the Project Zero team. Apple's premise is to give you solution in future updates, but at the moment the date of the solution is unknown.
Google describes the problem with severe problem. Apple is not commenting on this, but problems with Apple's operating system are constantly appearing. Days ago we commented on the problem with access to the MacOS keychain and the request of researcher Henze to create a rewards program por la detección de errores de los sistemas operativos. iOS cuenta con un programa similar y permite que muchos investigadores aporten posibles soluciones a los problemas, haciendo el sistema más seguro. Cualquier novedad en este sentido, desde Soy de Mac estaremos encantados de comentarlo.
