Google Project Zero bares Apple OS X Yosemite flaws and vulnerabilities

Technology giant Google squared off with Apple once again as its Project Zero Security team discovered major flaws in Apple’s OS X operating system. According to the security team, Apple’s OS X contains vulnerabilities that could give rise to theft of data with relative ease. The issues that the Project Zero team has unraveled just provided potential attackers to pounce on the volatile security levels and control the machine.

The announcement from Project Zero team comes shortly after the security team divulged some bugs in Microsoft’s Windows operating system.

The reports provided by the Project Zero Security team says that although the vulnerabilities are risky on the part of the user and his data but to initiate the attack, the potential attacker should have an access to the Mac target.

The first chink in the armor of the OS X operating system is a networked effective_audit_token XPC type confusion sandbox escape. It has the tendency to get unsandboxed and operates as its own users leading to an opening for a potential attack.

 

The report quips that it is accessible to other sandboxes from outside of Mac such as ntpd, Safari WebProcess, and the list goes on. The other two blemishes that are singled out by the security team are OS X IOKit kernel code execution, which materializes from a NULL pointer dereference in IntelAccelerator and OS X IOKit kernel memory corruption that may give rise from bad zero in the IOBluetoothDevice.

 

Conversely, Apple is not elated with the disclosures as its company’s security procedure does not permit any data from the external source until a complete investigation has been whipped up. Recently, Microsoft was also displeased with Project Zero as the team also disclosed a bug in Windows 8.1, which wasn’t fixed yet. The bug could easily let any attacker to take over the administrator authority.

facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Leave a Reply

Your email address will not be published. Required fields are marked *