Google’s Bug Hunters Zero in on Mac Exploits

24 Jan 2015 | Author: | No comments yet »

Belated OS X 10.10.2 release due to vulnerabilities.

Google’s Project Zero team has been hitting Microsoft pretty hard this month over discovered vulnerabilities in Windows software, but now it’s Apple’s turn in the spotlight.

It’s been a couple of months since the last update for Yosemite was released and there is still no sign of a firm release date for OS X 10.10.2, although we do know that it will be belated due to several vulnerabilities. The researchers with Google’s Project Zero security team have revealed three vulnerabilities with the OS X operating system from Apple, and are marked as severe. ZDNet reported, “The first flaw, “OS X networkd “effective_audit_token” XPC type confusion sandbox escape,” which involves circumvention of commands in the network system, may be mitigated in OS X Yosemite, but there is no clear explanation of whether this is the case. Project Zero’s policy is to publicly disclose vulnerabilities in software 90 days after informing its owners of the issue, if they don’t fix the problem. That said, the publication of the bugs does potentially mean that less-savory types will now have a pretty good starting point for creating new attacks of their own targeting Mac software.

We can understand that many of you will be worrying that their system can now be hacked, but iMore assures us that this cannot be done remotely and so will need to gain physical access to your Mac running the latest version of Yosemite. And while Apple never responded to Project Zero’s warnings, it’s possible Cupertino quietly patched the first vulnerability identified—which is listed as Issue #130 in Google’s Security Research project. Apple states that they do not disclose, discuss or confirm any security issues until a full investigation has been done from their side and any necessary patches or releases are available. Apple usually distributes information about security issues in its products through this site and [a mailing list],” reads Apple’s Product Security page.

Here you can write a commentary on the recording "Google’s Bug Hunters Zero in on Mac Exploits".

* Required fields
All the reviews are moderated.
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site