MacDirtyCow

From The Apple Wiki
Vulnerability in XNU
Vulnerable versions
Fixed in version
  • 8792.61.2[1]
  • 8020.241.14 (iOS 15 backport)
  • 8020.240.14 (macOS 12 backport)
Disclosed: 16 March 2023
Discovered by: Ian Beer
CVE: CVE-2022-46689
Apple KB

MacDirtyCow (CVE-2022-46689) is a security vulnerability in macOS and its derivatives that allows an attacker to gain root privileges on an affected system. It is similar to the Dirty COW vulnerability in Linux. The vulnerability is caused by a race condition in the way macOS's XNU kernel handles copy-on-write (COW) operations on memory pages. When a memory page is marked both read-only and copy-on-write, the kernel creates a new copy of the page when a write is performed on it. However, there is a small window of time between the check of the read-only page and the creation of the new copy during which an attacker could modify the page in memory, effectively bypassing the read-only restriction.[2]
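
As an added example (not part of this wiki page or of any Apple tooling), the shell functions below compare an XNU build string, such as the one in `uname -v` output, against the fixed builds listed above. The function names, the `macos`/`ios` argument and the result labels are assumptions made for this example; branches the page does not list are reported as `not-listed` rather than guessed.

```shell
#!/bin/sh
# Added example: classify an XNU build against the fixed builds listed on this page.
# All function names and result labels are hypothetical.

# Extract the build number (e.g. "8792.61.2") from text containing "xnu-<build>".
xnu_build() {
    printf '%s\n' "$1" |
        sed -n 's/.*xnu-\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' |
        head -n 1
}

# Succeed when dotted version $1 >= $2, comparing component by component as numbers.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Usage: mdc_status TEXT [macos|ios]
# Prints: fixed | predates-fix | not-listed | unknown
mdc_status() {
    build=$(xnu_build "$1")
    [ -n "$build" ] || { echo unknown; return 0; }
    case "${build%%.*}" in
        8792) fixed=8792.61.2 ;;                  # fixed build listed on the page
        8020)                                     # backport builds differ per platform
            if [ "${2:-macos}" = ios ]; then
                fixed=8020.241.14                 # iOS 15 backport
            else
                fixed=8020.240.14                 # macOS 12 backport
            fi ;;
        *) echo not-listed; return 0 ;;           # page gives no data for this branch
    esac
    if version_ge "$build" "$fixed"; then
        echo fixed
    else
        echo predates-fix
    fi
}
```

On a Mac, `mdc_status "$(uname -v)"` classifies the running kernel. For an iOS build string, pass `ios` as the second argument.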

References