+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Google researchers revealed a rare Mac security flaw and called it 'BuggyCow'

Mar 5, 2019, 18:04 IST

A cow eats hay at the Faria Dairy Farm June 2, 2009 in Escalon, California.Justin Sullivan/Getty Images

Advertisement
  • Google's Project Zero security team have uncovered a MacOS security flaw before Apple had time to fix it.
  • The team nicknamed the flaw "BuggyCow" after the feature it exploits.
  • It's another security embarrassment for Apple.

Google's team of security researchers, called Project Zero, have uncovered a rare security flaw for Apple's computer operating system MacOS.

Google's team uncovered the previously undisclosed bug, known as a zero-day exploit, and gave Apple a 90-day deadline to fix it before they went public with the details.

Apple didn't respond after 94 days and the team posted the exploit in a forum post, revealing that they had nicknamed it "BuggyCow."

As noted by The Register, the bug allows malware already running on the victim's Mac, or a rogue logged-in user, to gain access to the more protected bits of their computer. The Mac would already need to be compromised in some way, so the victim would already be in trouble before anyone actually exploited the bug.

Advertisement

Project Zero researcher Ian Beer demonstrated the flaw in a proof-of-concept code - meaning it's open for anyone to see, and it directly impacts a major rival to Google.

Read more: Apple's FaceTime has a major bug that lets others listen in on you before you answer the call

The "BuggyCow" name stems from a hole in MacOS' copy-on-write, or CoW, feature. The issue would allow malware or a rogue user to modify files without triggering any warnings.

Researcher Jann Horn wrote on 28 February that there was no fix from Apple.

"We've been in contact with Apple regarding this issue, and at this point no fix is available," he wrote. "Apple are intending to resolve this issue in a future release, and we're working together to assess the options for a patch."

Advertisement

The Project Zero team has a habit of revealing major security flaws that affect big tech firms, and its strict three-month deadline for those firms to fix the issues has been criticised as foolhardy.

But Apple has had a number of security embarrassments recently. There was the FaceTime bug that allowed another user to listen in to calls, and the "root" bug that let anyone log into a Mac with a blank password.

Mac security specialist at Malwarebytes Thomas Reed told Wired that some of the problems could have been avoided.

"They've had a lot of very-high-profile security-related bugs and some have been really, really stupid," he said. "It makes you wonder what's going on with the QA process at Apple. Are they adequately testing? Lately, it seems like they're not."

NOW WATCH: Everything we know about the Samsung Galaxy S10, which could have 6 cameras

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article