Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Google Bug Businesses IOS Operating Systems Security Apple

Google's 'Project Zero' Hid A Major Vulnerability in Apple's OS and iOS Cores (thestack.com) 88

In June Google's task-force against zero day exploits "identified a coding exploit in the underlying kernel of Apple's OSX and it's mobile operating system iOS, which could allow for root-level escalation of privileges for an attacker in a non-updated version of the OS," according to The Stack.

An anonymous reader writes that Google "initially refused Apple's request for sixty days' grace, but eventually settled on September 21st for disclosure. But when Apple's last-minute September fix turned out to be ineffective, Project Zero agreed to keep quiet, eventually granting Apple nearly five months of silence about the task_t bug -- which has now been fixed in the latest updates to Mac OS and iOS." The fix was released Monday, the Stack reports: Since the task_t bug allows the user to gain any entitlements they may want, it could also nullify kernel code signing, which would allow unauthorized programs to run with elevated privileges on a Mac system. Any current OSX or iOS user who has applied the latest system updates is not susceptible to the task_t vulnerability.
This discussion has been archived. No new comments can be posted.

Google's 'Project Zero' Hid A Major Vulnerability in Apple's OS and iOS Cores

Comments Filter:
  • by Anonymous Coward

    Was this a unix-linux level bug that would affect all systems built on top or was this an OS X/iOS-induced bug from layers that sit on top of the kernel? Was BSD-derived systems similarly affected, or Android systems?

    Is there a counterpart in the wild in Linux-land?

    • by Shimbo ( 100005 )

      It was a performance hack for a microkernel system, so no. Apple had to do some extensive reworking to fix it, so it seems sensible to me to cut them some slack in this case.

    • by ls671 ( 1122017 )

      OSX and iOS are based on NextSTEP:

      http://arstechnica.com/apple/2... [arstechnica.com]

      https://en.wikipedia.org/wiki/... [wikipedia.org]

      Back on topic; Project Zero went the ethical way.

    • It's a bug in the IOKit component of the kernel, which is part device driver framework and part userspace communication framework. IOKit is specific to XNU and is not found in any other OS (it replaced DeviceKit in NeXTSTEP / OPENSTEP, which used Objective-C in the kernel). The userspace process passes a Mach port to the kernel and the kernel assumes that this Mach port embodies the credentials that the userspace process has. Unfortunately, userspace processes often have Mach ports owned by more privileg
  • by Anonymous Coward
    It is frustrating when you read the title for a thread and get one idea of what happened, but when you read the details it is very different. Simply saying that you hid something is ambiguous and can lead others to think it was nefarious. In this case it was a mutual understanding. Slashdot can do better than this.
    • Yea sure, Slashdot has editors and our elections are not rigged. But if there were really editors, how could you make sense of a September 21st for disclosure and a claim that Project Zero agreed to keep quiet, eventually granting Apple nearly five months of silence? This would only be explained if editors couldn't do simple math or if they didn't know how long a week and a month is.
  • by 93 Escort Wagon ( 326346 ) on Saturday October 29, 2016 @04:45PM (#53176419)

    Isn't the point of eventual disclosure to force coders/companies not to ignore bugs?

    Yes, Google found a bug. But Apple didn't ignore it - their initial patch just wasn't effective. They were obviously actively working to solve the problem... so why should Google have released the exploit?

    • Re: (Score:1, Interesting)

      by XparXnoiaX ( 4714613 )
      Counterargument [medium.com]. Essentially, there is no way to know that this exploit wasn't being actively exploited (and let's be honest: five months to fix the bug means they aren't taking security seriously).
    • Google has a history of just releasing the exploit with regard to companies where Brin/Page aren't majorly invested (e.g. Microsoft), when they need extra time to finalize the fixes. One of them (I forget whcih) was on the apple board until the Android release made them competitors.

  • It's been a long time waiting on a jailbreak since they got so valuable. I'd do the same thing "Hmmmm... release this as a jailbreak, or sell it for a million bucks..."

    This looks easy enough to get working and is current up to 10.0.2 or whatever the latest was.

  • by Anonymous Coward on Saturday October 29, 2016 @05:12PM (#53176499)

    Using the words "hid a major vulnerability" is misleading. It implies Google infiltrated Apple source code to implant an exploit. Google didn't hide shit. They found the exploit, informed Apple, and kept quiet about it for the safety of the users.

    • Using the words "hid a major vulnerability" is misleading. It implies Google infiltrated Apple source code to implant an exploit. Google didn't hide shit. They found the exploit, informed Apple, and kept quiet about it for the safety of the users.

      I wish you had posted this before I blew all of my mod points.

    • by wbr1 ( 2538558 )
      100% this. The threat to release an exploit is to get the vendor moving towards a fix. When apple did actually work on a fix, Google did the right thing and kept it mum. If it had been caught in the wild as a 0-day then it would have been responsible to release, but not before.
  • Because the summary and both articles are ambiguous, I was confused what was meant by "latest system updates." For anyone else wondering, this vulnerability was patched in Yosemite, El Capitan, and Sierra -- not just Sierra. See under "System Boot" heading here: https://support.apple.com/en-us/HT207275 [apple.com].
  • safe (Score:3, Funny)

    by slazzy ( 864185 ) on Sunday October 30, 2016 @09:55AM (#53178713) Homepage Journal
    My iPhone is too old to support the vulnerability, I'm good!
  • that pretty much sucks to keep it hidden for 5 months.
    all the while releasing a windows vulnerability before a patch is out.
    sounds like double standards to me.

You see but you do not observe. Sir Arthur Conan Doyle, in "The Memoirs of Sherlock Holmes"

Working...