According to Googles Project Zero, there is a “serious” security vulnerability in macOS. Apple was already informed about this vulnerability in November 2018 but has only recently started working on a solution.
Found serious macOS security vulnerability
Project Zero is a special team from Google that is always looking for vulnerabilities in software. Not only the own programs are placed along the yardstick, but also those of others. This time Apple is the bitten dog. According to Project Zero, there is a “serious” security leak in macOS.
Malicious people can gain access to your computer without you knowing that. The bottom line is that a hacker can modify a file system without the virtual subsystem of macOS – similar to a police officer – being aware of this.
As a result, in theory, a virus or malicious code can be added to the file system. The subsystem, which acts as a sort of the second layer of security, can’t see these changes. In this way, the problem is only discovered by the ‘built-in police officer’ if it is already too late. The full technical explanation of the vulnerability can be found on the Chromium website.
The solution in the making
Project Zero already informed Apple about the error in November 2018, but the company from Cupertino has not yet come up with a solution. According to the rules of the Google watchdog, the bug found is then made public after 90 days to put the developer under pressure.
Apple says in a comment to Neowin that they are busy with a patch. This is rolled out in a later version of macOS Mojave. For now, as a user, you can do little about it.
It is, of course, wise to do good research before you download new programs and always install updates immediately. That way you run the least risk. It is not yet known whether the macOS vulnerability actually made victims.