Google these past few weeks published details about security flaws in Microsoft's Windows operating system despite a request by the Redmond giant to hold off until it issued a fix within a few days, and now, the company has published details about three security flaws in Apple's OS X operating system after the stipulated Project Zero 90-day deadline to deliver a fix lapsed.
Google's Project Zero security unit has revealed three flaws in Apple's OS X operating system that might allow hackers to take control of users' Mac systems. The flaws are mentioned as "OS X networkd "effective_audit_token" XPC type confusion sandbox escape", "OS X IOKit kernel code execution due to NULL pointer dereference in IntelAccelerator," and "OS X IOKit kernel memory corruption due to bad bzero in IOBluetoothDevice."
The first flaw may be mitigated by changes already present in OS X Yosemite, but that has not been confirmed. Details can be found in Google's Security Research page. The search giant notified Apple about the flaws back in October. However, it later published detailed information about the flaws including proof-of-concept exploit after the Project Zero team's 90-day cut-off period.
Apple has still not addressed the flaws and is yet to mention if these loopholes will be tackled in future. According to iMore (via Engadget), the upcoming OS X Yosemite 10.10.2 update, currently in beta, might be able to bring fixes to the issues.
No comments:
Post a Comment