Google to Unveil macOS Vulnerability

It is associated with the implementation of a copy-on-write mechanism in the system
05 March 2019   742

Specialists at Google Project Zero found a vulnerability in the macOS kernel. It is associated with the implementation of a copy-on-write mechanism in the system, used for operating with copies of memory. An attacker can change files in a mounted macOS file system image without the file system warning and get the execution of malicious code.

This copy-on-write behavior works not only with anonymous memory, but also with file mappings. This means that, after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem.
 

Google Project Zero team

The Google Project Zero team reported to Apple about their discovery back in November last year, but for 90 days the company failed to solve the problem, so the experts published information and the PoC-code exploit.

LineageOS Team to Report on Project Updates

Since March, the number of assemblies provided by the project replaced CyanogenMode has increased to 36 devices
03 July 2019   369

The developers of the LineageOS project, which replaced CyanogenMod after abandoning the project of Cyanogen Inc, published a report on the development of the LineageOS 16 branch based on the Android 9 platform. Since March, the number of assemblies provided by the project has increased to 36 devices. Recent changes are noted:

  • AOSP’s Night Display now controls night mode (on recent devices only, such as those with a Snapgragon 820 or more recent)
  • LiveDisplay remains available for all its other features
  • The volume panel can now be expanded to control all the various volume streams
  • The volume panel can now be optionally relocated to the left
  • Expanded quick settings are back
  • Detailed views for the following tiles are available: Wi-Fi, Bluetooth, Mobile Data, Location, Profiles
  • New default wallpaper and a new wallpapers app with many new, and old, wallpapers
  • Other than the usual nature, urban and abstract themed wallpapers, monochromatic and gradients wallpapers are now available
  • Privacy Guard now supports apps in the Work Profile
  • It’s possible to add up to two LockScreen shortcuts again
  • Circle battery is back after being missing since LineageOS 13.0
  • Notification ringtone level can be unlinked from phone calls ringtone level
  • GPS battery saving mode can now be enabled from the Settings
  • Vim has been updated to version 8.1
  • Nano has been updated to version 4.2
  • Fixed issue were using certain private DNS caused devices to crash thanks to backported fix from Q
  • Support for bluetooth SBC DualChannel HD has been added (both 15.1 and 16.0)
  • Performance improvements for Eleven (music player app) (both 15.1 and 16.0)
  • Updated call recording configurations (both 15.1 and 16.0)

Additionally, developers mark the termination of the formation of assemblies LineageOS 15.1 for Google Nexus 4, Asus Zenfone Max Pro M1, Nvidia Shield Tablet, Samsung Galaxy S9, Samsung Galaxy S9 + and ZTE Axon 7.

Get more info at official website.