Google takes on Apple again as the Project Zero Security team discloses three major flaws in Apple’s OS X operating system. According to the security team of Project Zero, Apple’s OS X has certain vulnerabilities, which might well lead to theft of data at ease. The issues that the Project Zero team has encountered can lead to an attacker to easily elevate through the security levels and take over the machine. The disclosure from Project Zero team comes right after the security team revealed a few bugs in Microsoft’s Windows operating system.
The reports put forward by the Project Zero Security team states that although the vulnerabilities are dangerous for the user and his data, but in order for the attacker to steal something, he or she must have access to the targeted Mac.
The first flaw in the OS X operating system is a networkd effective_audit_token XPC type confusion sandbox escape. It gets unsandboxed and runs as its own users opening the floodgates for an attack. The report suggests that it is accessible to other sandboxes from outside including ntpd, Safari WebProcess, etc.. The other flaws pointed out by Project Zero’s Security team includes OS X IOKit kernel code execution, which occurs due to a NULL pointer dereference in IntelAccelerator. The third flaw pointed out by the team, includes the OS X IOKit kernel memory corruption due to bad bzero in the IOBluetoothDevice.
On the other hand, Apple is unhappy with Project Zero as the company’s security procedures does not allow any information outside the company until a complete investigation has taken place. In the recent past, Microsoft was also upset with Project Zero as the team revealed a bug in Windows 8.1, which was not properly fixed by Microsoft. The bug could easily allow any individual to gain administrator authority.