Google Shows Up Apple With OS X Vulnerability List

By Gerald Lynch on at

Not content with leaving Microsoft red-faced over Windows security issues, Google's Project Zero bug hunting team has moved on to Apple's OS X.

It's highlighted three security issues in the operating system that it considers pose a significant threat. In fact, it flagged up the problems 90 days ago, making them public as Apple have yet to fix them.

Bug number one is the catchily named "OS X networkd "effective_audit_token" XPC type confusion sandbox escape", number two is "OS X IOKit kernel code execution due to NULL pointer dereference in IntelAccelerator", and number three "OS X IOKit kernel memory corruption due to bad bzero in IOBluetoothDevice." While all these issues require an attacker to have gained access to a Mac through other nefarious methods first, these flaws would allow them to gain greater privileges on the machine and take full control.

Though Apple's security page states that the company "does not disclose, discuss or confirm security issues until a full investigation has occurred," Google's whistleblowing action may force its hand into acting faster, which can only be a good thing. [Google