Last week, Google angered Microsoft be revealing a major security exploit in Windows, before they got the chance to patch with a security update. This week it’s apparently the giant Apple’s turn to take the heat.
Google’s Project Zero Initiative is responsible for making security disclosures public, as it seeks to put pressure firms into resolving security loopholes more quickly.
The security unit revealed three severe vulnerabilities in the operating system OS X, and they are not of small impact.
The exploits could allow hackers to take over control of your Mac computer.
Each vulnerability, as usual when the Project Zero team discloses them, includes a proof-of-concept exploit.
The exploits include,
1) “OS X IOKit kernel code execution due to NULL pointer dereference in IntelAccelerator”
2) “OS X IOKit kernel memory corruption due to bad bzero in IOBluetoothDevice.” and includes an exploit related to OS X’s kernel structure.
3) “OS X networkd “effective_audit_token” XPC type confusion sandbox escape,” which involves circumvention of security in the network system, and it may be mitigated in OS X Yosemite, however, there is really no explanation if this is the case.
Tech giant company, Google, says that in accordance with its policies it notified Apple in October 2014, and details were automatically publicized after the usual 90-day cutoff period, which incurred happened this week.
Many have complained that this puts users at risk blaming Google for informing hackers of the flaw.
Apple has yet to comment. As per the company’s history it will come forward after a solution has been found.
Tech blog, iMore, has reported that an upcoming Yosemite update (10.10.2) is expected to deal with the flaws.
Security analysts and Mac users are concerned that malware writers use those bugs before a solution update is delivered.
The Project Zero was launched in mid-2014 by Google and tasks their researchers with uncovering software exploits that have a potential of putting users at risk for targeted attacks.