
Google's Bug Hunters Zero in on Mac Exploits

Has Apple already patched OS X 10 vulnerabilities published by Google's Project Zero?

January 23, 2015

Google's Project Zero team has been hitting Microsoft pretty hard this month over discovered vulnerabilities in Windows software, but now it's Apple's turn in the spotlight.

Project Zero appears to be pretty platform-agnostic, actually. The bug-hunting team recently published three zero-day vulnerabilities that it found (and previously disclosed to Apple) within OS X 10.

Project Zero's policy is to publicly disclose vulnerabilities in software 90 days after informing its owners of the issue, if they don't fix the problem. The idea is to unleash public pressure to prompt a company to pick up the pace on patching its software, if it plans to do so at all.

In Microsoft's case, two exploits recently found and published by Project Zero don't seem to be worrying Redmond all that much, eWeek noted.

As for Apple, three vulnerabilities identified by Project Zero in OS X 10 don't "appear to be highly critical," Ars Technica reported.

That said, the publication of the bugs does potentially mean that less-savory types will now have a pretty good starting point for creating new attacks of their own targeting Mac software. All three of the exploits Project Zero published do seem to require that an attacker have physical access to a computer being targeted, though there's a possibility that a remote attack could also be launched, according to some security experts.

And while Apple never responded to Project Zero's warnings, it's possible Cupertino quietly patched the first vulnerability identified—which is listed as Issue #130 in Google's Security Research project. Google acknowledges that Apple might have applied "mitigations" to the exploit within the latest version of OS X, Yosemite. Apple may actually have fixed all three of the threats with its OS X 10.10.2 update released to members of the company's Mac Developer program, according to iMore. If so, we'd hope that the update gets greenlighted for general release to Mac users soon.

At any rate, Apple's own policy is to avoid discussion of such matters.

"For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. Apple usually distributes information about security issues in its products through this site and [a mailing list]," reads Apple's Product Security page.


About David Murphy

Freelancer

David Murphy got his first real taste of technology journalism when he arrived at PC Magazine as an intern in 2005. A three-month gig turned to six months, six months turned to occasional freelance assignments, and he later rejoined his tech-loving, mostly New York-based friends as one of PCMag.com's news contributors. For more tech tidbits from David Murphy, follow him on Facebook or Twitter (@thedavidmurphy).
