Related Posts Plugin for WordPress, Blogger...
Powered by Blogger.

Google's Project Zero reveals three Apple OS X zero-day vulnerabilities

Posted by Jerry Hannan Monday, January 26, 2015
Google's Project Zero reveals three Apple OS X zero-day vulnerabilities

Google's Project Zero aegis aggregation accept appear the actuality of three zero-day vulnerabilities begin in Apple's OS X, afterward the acknowledgment of flaws in Microsoft's Windows operating system.


Over the accomplished several days, the tech giant's Project Zero arrangement has appear capacity apropos three OS X aegis issues the aggregation accept dubbed severe.

The aboriginal flaw, "OS X networkd "effective_audit_token" XPC blazon abashing head escape," which involves abstention of commands in the arrangement system, may be mitigated in OS X Yosemite, but there is no bright explaination of whether this is the case. The additional vulnerability abstracts "OS X IOKit atom cipher beheading due to NULL arrow dereference in IntelAccelerator," and finally, the third, "OS X IOKit atom anamnesis bribery due to bad bzero in IOBluetoothDevice." includes an accomplishment accompanying to OS X's atom structure.

While anniversary blemish requires an antagonist to accept admission to a targeted Mac, anniversary vulnerability could accord to a acknowledged attack to drag advantage levels and booty over a machine. Anniversary vulnerability disclosure, as with any appear by the Project Zero team, includes a proof-of-concept exploit.

The vulnerabilities accept been appear to Apple but the flaws accept not been fixed. Once Project Zero's 90-day borderline passes, capacity of vulnerabilities begin in systems are automatically appear into the accessible domain.

On Apple's artefact aegis page, the iPad and iPhone maker states:

This isn't the aboriginal time Google's Project Zero has appear vulnerabilities which are yet to be fixed. In the accomplished several weeks, the tech giant's aegis aggregation has appear three abstracted aegis flaws in Microsoft's Windows operating system, which were unpatched at the time.

Read on: In the apple of security

  • Most US businesses accessible to cabal threats
  • Over 90 percent of abstracts breaches in aboriginal bisected of 2014 were preventable
  • Bluster, blowing and breaches: Today's 'terrorist' players in cybersecurity
  • Mobile malware on the acceleration worldwide, ransomware hits the spotlight
  • Verizon rushes fix for email annual accessible division aegis flaw
  • Microsoft Outlook afraid afterward Gmail block in China
  • High aggregate DDoS attacks acceleration in Q3 2014
  • Hackers for hire: Anonymous, quick, and not necessarily illegal
  • UK hires hackers, convicts to avert accumulated networks
  • ZeuS alternative strikes 150 banks worldwide
  • security:

Read on: Fixes and Flaws

  • Oracle issues analytical application update: 169 new aegis fixes
  • VLC vulnerabilities exposed
  • Microsoft slams Google for spilling the beans on Windows 8.1 aegis flaw
  • Apple iOS Masque blemish dangers: Communication app aggression discovered

Google's Project Zero reveals three Apple OS X zero-day vulnerabilities

Google's Project Zero aegis aggregation accept appear the actuality of three zero-day vulnerabilities begin in Apple's OS X, afterward the acknowledgment of flaws in Microsoft's Windows operating system.


Over the accomplished several days, the tech giant's Project Zero arrangement has appear capacity apropos three OS X aegis issues the aggregation accept dubbed severe.

The aboriginal flaw, "OS X networkd "effective_audit_token" XPC blazon abashing head escape," which involves abstention of commands in the arrangement system, may be mitigated in OS X Yosemite, but there is no bright explaination of whether this is the case. The additional vulnerability abstracts "OS X IOKit atom cipher beheading due to NULL arrow dereference in IntelAccelerator," and finally, the third, "OS X IOKit atom anamnesis bribery due to bad bzero in IOBluetoothDevice." includes an accomplishment accompanying to OS X's atom structure.

While anniversary blemish requires an antagonist to accept admission to a targeted Mac, anniversary vulnerability could accord to a acknowledged attack to drag advantage levels and booty over a machine. Anniversary vulnerability disclosure, as with any appear by the Project Zero team, includes a proof-of-concept exploit.

The vulnerabilities accept been appear to Apple but the flaws accept not been fixed. Once Project Zero's 90-day borderline passes, capacity of vulnerabilities begin in systems are automatically appear into the accessible domain.

On Apple's artefact aegis page, the iPad and iPhone maker states:

This isn't the aboriginal time Google's Project Zero has appear vulnerabilities which are yet to be fixed. In the accomplished several weeks, the tech giant's aegis aggregation has appear three abstracted aegis flaws in Microsoft's Windows operating system, which were unpatched at the time.

Read on: In the apple of security

  • Most US businesses accessible to cabal threats
  • Over 90 percent of abstracts breaches in aboriginal bisected of 2014 were preventable
  • Bluster, blowing and breaches: Today's 'terrorist' players in cybersecurity
  • Mobile malware on the acceleration worldwide, ransomware hits the spotlight
  • Verizon rushes fix for email annual accessible division aegis flaw
  • Microsoft Outlook afraid afterward Gmail block in China
  • High aggregate DDoS attacks acceleration in Q3 2014
  • Hackers for hire: Anonymous, quick, and not necessarily illegal
  • UK hires hackers, convicts to avert accumulated networks
  • ZeuS alternative strikes 150 banks worldwide
  • security:

Read on: Fixes and Flaws

  • Oracle issues analytical application update: 169 new aegis fixes
  • VLC vulnerabilities exposed
  • Microsoft slams Google for spilling the beans on Windows 8.1 aegis flaw
  • Apple iOS Masque blemish dangers: Communication app aggression discovered

0 comments