Despite the Redmond giant's request to hold off on disclosing the issue reported in Microsoft's Windows operating system security (which came out in the past few weeks), Google has again published vulnerability details, this time about three security flaws in Apple's OS X operating system, after the stipulated Project Zero 90-day deadline to deliver a fix lapsed.
Google’s Project Zero security unit has revealed three security flaws in Apple’s OS X operating system that might allow hackers to take control of users’ Mac systems. The flaws are listed as “OS X networked ‘effective_audit_token’ XPC type confusion sandbox escape,” “OS X IOKit kernel code execution due to NULL pointer dereference in IntelAccelerator,” and “OS X IOKit kernel memory corruption due to bad bzero in IOBluetooth device.” The first flaw may be mitigated by changes already present in OS X Yosemite, but that has not been confirmed. Further details about the flaws are available on Google’s Security Research page.
Google notified Apple about the flaws in October. It later published detailed information about the flaws, along with a proof-of-concept exploit, after the Project Zero team’s 90-day cutoff period. Apple has still not responded to these flaws, and no statement exists to confirm whether the loopholes are harmless.
We expect Apple to fix the issue with the upcoming OS X Yosemite 10.10.2 update (currently in beta), according to iMore.
“For the protection of our customers, Apple does not disclose, discuss or confirm any security issues until a full investigation has occurred and any necessary patches or releases are available.” (Apple’s product security page)
Google has previously done the same, disclosing bug details before patches were rolled out. Earlier, it published a series of vulnerabilities in Microsoft’s Windows 8.1, for which it was criticized by Chris Betz, Senior Director of the Microsoft Security Response Center. A few days later, it went on to reveal two more bugs in Windows 7 and Windows 8.1 to the public.