Home >> News >> Google Project Zero discloses 3 major Apple OS X Yosemite flaws

Google Project Zero discloses 3 major Apple OS X Yosemite flaws


Google takes on Apple again as the Project Zero Security team discloses three major flaws in Apple’s OS X operating system. According to the security team of Project Zero, Apple’s OS X has certain vulnerabilities, which might well lead to theft of data at ease. The issues that the Project Zero team has encountered can lead to an attacker to easily elevate through the security levels and take over the machine. The disclosure from Project Zero team comes right after the security team revealed a few bugs in Microsoft’s Windows operating system.os_x_yosemite_roundup

The reports put forward by the Project Zero Security team states that although the vulnerabilities are dangerous for the user and his data, but in order for the attacker to steal something, he or she must have access to the targeted Mac.

<

The first flaw in the OS X operating system is a networkd effective_audit_token XPC type confusion sandbox escape. It gets unsandboxed and runs as its own users opening the floodgates for an attack. The report suggests that it is accessible to other sandboxes from outside including ntpd, Safari WebProcess, etc.. The other flaws pointed out by Project Zero’s Security team includes OS X IOKit kernel code execution, which occurs due to a NULL pointer dereference in IntelAccelerator. The third flaw pointed out by the team, includes the OS X IOKit kernel memory corruption due to bad bzero in the IOBluetoothDevice.

On the other hand, Apple is unhappy with Project Zero as the company’s security procedures does not allow any information outside the company until a complete investigation has taken place. In the recent past, Microsoft was also upset with Project Zero as the team revealed a bug in Windows 8.1, which was not properly fixed by Microsoft. The bug could easily allow any individual to gain administrator authority.

[ Source (1) (2) (3) ]


About Wayne Murphy

wmurphy@thenextdigit.com'
Writer and specialized in Mobile Phones (iOS, Android, BB etc), who was with the TND team since it's inception. Other than Blogging, he is also pursuing his graduation on Business Management at CA, California University. All posts by Wayne

Fatal error: Uncaught Exception: 12: REST API is deprecated for versions v2.1 and higher (12) thrown in /home/nitin198/public_html/wp-content/plugins/seo-facebook-comments/facebook/base_facebook.php on line 1273