Google to Unveil macOS Vulnerability

It is associated with the implementation of a copy-on-write mechanism in the system
05 March 2019   428

Specialists at Google Project Zero found a vulnerability in the macOS kernel. It is associated with the implementation of a copy-on-write mechanism in the system, used for operating with copies of memory. An attacker can change files in a mounted macOS file system image without the file system warning and get the execution of malicious code.

This copy-on-write behavior works not only with anonymous memory, but also with file mappings. This means that, after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem.
 

Google Project Zero team

The Google Project Zero team reported to Apple about their discovery back in November last year, but for 90 days the company failed to solve the problem, so the experts published information and the PoC-code exploit.

TIOBE April 2019 to be Available

Top three are Java, C and C++, Python was pushed on the 4th place
11 April 2019   215

In April, C ++ pressed Python out of the top three and sent it on the fourth line. Experts say the reason is not a drop in interest in Python. On the contrary, from month to month interest in it is growing. Also, the popularity of C ++ is growing.

TIOBE Programming Community Index April 2019
TIOBE Programming Community Index April 2019

TIOBE experts recalled that once C ++ market share exceeded 15%. Difficulties with the release of new versions of the standard language provoked a drop in interest in C ++ and a reduction in this share. With the release of C ++ 11, C ++ 14 and C ++ 17, and most importantly, with their support by the main compilers, the popularity of the language began to revive.

TIOBE April 2019
TIOBE April 2019

The TIOBE ranking is compiled monthly based on the analysis of search queries in Google, Bing, Yahoo !, Wikipedia, Amazon, YouTube and Baidu. It reflects the popularity of programming languages, but not their quality.