BuggyCow zero-day vulnerability


Google's Project Zero announced an unpublished exploit in macOS. Named BuggyCow, is a memory exploit to gain unauthorized privileges.

Wired:

On Friday, Google's Project Zero researchers quietly published a forum post outlining a previously unknown vulnerability in MacOS, which they call BuggyCow, in a piece of proof-of-concept demonstration code. The attack takes advantage of an obscure oversight in Apple's protections on its machines' memory to enable so-called privilege escalation, allowing a piece of malware with limited privileges to, in some cases, pierce into deeper, far more trusted parts of a victim's Mac.

The vulnerability is reportedly a sophisticated attack and it's unknown if it's ever been successfully deployed. The exploit was released after over three months of notifying Apple. There doesn't seem to be much to do to counteract the exploit at this moment.