Google’s Project Zero security unit has revealed three security flaws in Apple’s OS X operating system that might allow hackers to take control of user’s Mac systems. The flaws are mentioned as “OS X networked “effective_audit_token” XPC type confusion sandbox escape”, “OS X IOKit kernel code execution due to NULL pointer difference in IntelAccelerator,” and “OS X IOKit kernel memory corruption due to bad bzero in IOBluetooth device.” The first flaw may be mitigated by changes already present in OS X Yosemite, but that has not been confirmed. Further details about the flaws are present on Google’s Security Research page.
Goggle, in October notified Apple about the flaws. In addition to this, it later published detailed information about the flaws along with a proof-of-concept exploit after the Project Zero team’s 90 – day cutoff period. Still, Apple has not paid any heed to these flaws and no statement exist to confirm the harmlessness for the loopholes. We are expecting Apple to fix the issue with the upcoming update of OS X Yosemite 10.10.2 (currently in beta) – as from iMore. “For the protection of our customers, Apple does not disclose, discuss or confirm any security issues until a full investigation has occurred and any necessary patches or releases are available”- Apple’s product security page. Previously, Google has also done the same act of disclosing the bug detail before the patch fixes are rolled out. Earlier, it published a series of vulnerabilities in Microsoft’s Windows 8.1, for which it was criticized by Microsoft’s Senior Director of the Microsoft Security Response Center, Chris Betz. And after a few days, it went on revealing two more bugs in Windows 7 and Windows 8.1 to the public.