Google's Project Zero reveals three new zero-day exploits in Apple's OS X [u]

An internal software security research team at Google has publicly revealed three recently discovered zero-day exploits in Apple's Mac OS X desktop operating system, though the severity of each vulnerability is unknown.
Update: Apple's forthcoming OS X 10.10.2 update will contain patches for the IOKit vulnerabilities reported on Friday, according to iMore.
At issue are OS X's networkd and IOKit, the latter of which is responsible for two separate cases. The disclosures — which also include proof-of-concept code — were first noticed by Ars Technica.
Project Zero researchers reported the vulnerabilities to Apple last October, and at least one of the problems appears to have been mitigated in OS X Yosemite. The disposition of the remaining two is unclear; they were publicly disclosed 90 days after being reported, which is standard operating procedure for Project Zero.
As noted by Ars, none of the vulnerabilities appear to be directly remotely exploitable — meaning a malicious actor would already need access to a machine — but they could be used in combination with other attacks to escalate the attacker's privileges.
Project Zero is a small group within Google tasked with testing and discovering vulnerabilities in commercial software. The team has already revealed three other flaws in OS X and at least that many in Microsoft's Windows, and found disfavor with Microsoft by announcing an exploit two days before the Redmond giant was due to issue a patch.