Vulnerability in XNU | |
---|---|
Vulnerable versions | |
Fixed in version |
|
Disclosed | 16 March 2023 |
Discovered by | Ian Beer |
CVE | CVE-2022-46689 |
Apple KB |
MacDirtyCow (CVE-2022-46689) is a security vulnerability in macOS and it's derivates that allows an attacker to gain root privileges on an affected system. It’s similar to the Dirty COW vulnerability in Linux. The vulnerability is caused by a race condition in the way macOS’s XNU kernel handles copy-on-write (COW) operations on memory pages. When a memory page is marked read-only but also marked as copy-on-write, the kernel will create a new copy of the page when a write operation is performed on the page. However, there is a small window of time between the read-only page being checked and the new copy being created where an attacker could modify the page in memory, effectively bypassing the read-only restriction.[2]