Google researchers revealed a rare Mac security flaw and called it 'BuggyCow'
- Google's Project Zero security team have uncovered a MacOS security flaw before Apple had time to fix it.
- The team nicknamed the flaw "BuggyCow" after the feature it exploits.
- It's another security embarrassment for Apple.
Google's team of security researchers, called Project Zero, have uncovered a rare security flaw for Apple's computer operating system MacOS.Google's team uncovered the previously undisclosed bug, known as a zero-day exploit, and gave Apple a 90-day deadline to fix it before they went public with the details.
As noted by The Register, the bug allows malware already running on the victim's Mac, or a rogue logged-in user, to gain access to the more protected bits of their computer. The Mac would already need to be compromised in some way, so the victim would already be in trouble before anyone actually exploited the bug.Project Zero researcher Ian Beer demonstrated the flaw in a proof-of-concept code - meaning it's open for anyone to see, and it directly impacts a major rival to Google.
"We've been in contact with Apple regarding this issue, and at this point no fix is available," he wrote. "Apple are intending to resolve this issue in a future release, and we're working together to assess the options for a patch."
The Project Zero team has a habit of revealing major security flaws that affect big tech firms, and its strict three-month deadline for those firms to fix the issues has been criticised as foolhardy.But Apple has had a number of security embarrassments recently. There was the FaceTime bug that allowed another user to listen in to calls, and the "root" bug that let anyone log into a Mac with a blank password.
Mac security specialist at Malwarebytes Thomas Reed told Wired that some of the problems could have been avoided.
"They've had a lot of very-high-profile security-related bugs and some have been really, really stupid," he said. "It makes you wonder what's going on with the QA process at Apple. Are they adequately testing? Lately, it seems like they're not."Get the latest Google stock price here.
- Apple iPhone 13’s A15 Bionic won’t be based on 3nm process, confirms TSMC
- The utter chaos and confusion over Remdesivir in India is making the COVID-19 second wave worse
- Atlassian, the maker of Jira and Trello, is looking to hire 300 engineers in India this year
- Night curfew hours extended in UP's Lucknow, Prayagraj, Varanasi, Kanpur City, Gautam Buddha Nagar, Ghaziabad, Meerut, Gorakhpur, Shravasti and Moradabad districts
- Around 1,700 people test positive for COVID-19 in Hardiwar Kumbh Mela from April 10-14