The Google Project Zero team has uncovered a crucial bug in the macOS kernel which could grant hackers access to users’ computer without their knowledge. Google has called the bug a “high severity” flaw.
After the cybersecurity disclosure by the Google team, Apple started working on the patch. Google had reported the existence of the flaw to Apple back in November 2018. But no timeline was given by Apple as to when the patch will be released. Until the release of the patch, the users will remain vulnerable. Google made the flaw public owing to its 90-day disclosure policy despite the fix not being available.
Google published the vulnerability online in its proof-of-concept demonstration code which they chose to call BuggyCow. A developer commented saying that Google and Apple are working together to “assess the options on the patch”.
macOS users need to be extra careful about the sites they visit and they also need to pay special attention to what they download. As long as this bug exists in the macOS, users are vulnerable to attacks. Owing to the severity of the flaw an attack could simply go unnoticed and make serious changes to macOS.