Skip to main content

Google reveals 3 Apple OS X Zero-day Vulnerabilities

After exposing three critical zero-day vulnerabilities in Microsoft's Windows operating systems, Google's Project Zero vulnerability research program has revealed the existence of three more zero-day vulnerabilities, but this time, on Apple's OS X platform.

The team has published three zero-day exploits for Apple’s OS X, with sufficient information for an experienced hacker to exploit the bugs in an attack. Of course, the details about the zero-days were not released without alerting Apple to these issues.

FIRST ZERO-DAY VULNERABILITY
The first flaw, "OS X networkd 'effective_audit_token' XPC type confusion sandbox escape," allows an attacker to pass arbitrary commands to the networkd OS X system daemon because it does not check its input properly.

The flaw may already have been mitigated in OS X Yosemite, but there is no clear explanation of whether this is the case.

SECOND ZERO-DAY VULNERABILITY
The second and third vulnerability both are related to OS X's low-level I/OKit kernel framework.

The flaw, "OS X IOKit kernel code execution due to NULL pointer dereference in IntelAccelerator," gives local users who can execute code on an OS X machine root or superuser access through null pointer dereferencing, allowing privilege escalation.

THIRD ZERO-DAY VULNERABILITY
The last but not the least, "OS X IOKit kernel memory corruption due to bad bzero in IOBluetoothDevice," gives an attacker the ability to write into kernel memory, potentially allowing them to crash systems or access private data.

All the three vulnerabilities in OS X don't appear to be highly critical as none of these exploits remotely, since all of them require physical access to the targeted computer in order to cause any real damage. However, the main concern is that the exploits could be combined with a separate exploit to elevate lower-level privileges and gain control over vulnerable Macs.

GOOGLE PROVIDED POC OF ALL THREE FLAWS
The team has also made proof-of-concept (POC) exploit code available, which provide enough technical details to write an attack code. Google privately reported the flaws to Apple on October 20, October 21, and October 23, 2014. After the expiration of the 90-day disclosure period, the company published all bugs.

GOOGLE’S PROJECT ZERO TEASED MICROSOFT
There is no surprise if Google's Project Zero has published vulnerabilities which are yet to be patched. In the past few weeks, the team has disclosed three separate security flaws in Microsoft's Windows operating system, before Microsoft planned to patch them.

Google's Project Zero is an initiative that identifies security holes in different software and calls on companies to publicly disclose and patch bugs within 90 days of discovering them. The company’s tight 90-days disclosure policy encourages all software vendors to patch their products before they get exploited by the hackers and cybercriminals.

Apple has not provided any details about repairing the issues. However, on the company's product security page, the iPad and iPhone maker states, Apple does not "disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available".
- See more at: http://thehackernews.com/2015/01/apple-os-x-zero-day-vulnerabilities.html#sthash.o44fWtEa.dpuf
Labels:

Comments

Post a Comment

Popular posts from this blog

JNTU-K B.Tech R10 All Results | Manabadi | Schools9 | jntuk.edu.in

Hi Friends...! It is some what difficult to search the all regular and supply results in google from manabadi, schools9 or from jntuk.edu.in for JNTU-Kakinada B.Tech students of R10 Regulation. So, that for this purpose Results Release team collected all the results and providing you to check the results of jntuk r10 regulation.  JNTU-K R10 B.Tech All Results [2010-14] JNTU-K R10 B.Tech All Results [2011-15] JNTU-K R10 B.Tech All Results [2012-16]
1 comment
continue ----------->

Adobe Acrobat XI Pro 11.0.0 Multilanguage (Cracked dll )

(Size: 530 MB) Adobe® Acrobat® XI Pro is more than just the leading PDF converter. It's packed with smart tools that give you even more power to communicate. Easily, seamlessly, brilliantly. NEW Edit text in a PDF - Fix a typo, change a font, or add a paragraph to your PDF as easily as you do in other applications using a new point-and-click interface. NEW Convert PDF files to PowerPoint - Get a head start on new projects by saving a PDF file as a fully editable PowerPoint presentation. NEW Create new PDF and web forms - Customize professional templates or design from scratch with the Adobe FormsCentral desktop app included in Acrobat XI Pro. IMPROVED Standardize routine PDF tasks - Make it easy to create PDFs consistently. Guide people through the correct series of steps with Actions. NEW Edit images in a PDF - Resize, replace, and adjust images in your PDF with no need to track down the original file or graphic.
1 comment
continue ----------->

The anatomy of anxiety

Post a Comment
continue ----------->

Mac OS X 10.8 Mountain Lion ISO Untouched OS download

Description I noticed that there are no complete and untouched Mountain Lion ISO images uploaded on any torrent sites. The only one available had its boot sector stripped so it could fit onto a 4.7 gb dvd. Therefore it is not bootable or very hard to boot! So here is a untouched copy of Mountain Lion in the ISO format. It will require a dual layer dvd to burn!  This iso was made by opening the golden master "InstallESD.dmg" in disk utility and converting it to a cd/dvd master. Macs use the extension ".cdr" for raw image files so I then changed it to ".iso". Now it is completely compatible to be burned with any iso image burner available! To burn on a mac in disk utility simply change the extension back to ".cdr". 
1 comment
continue ----------->