Google Project Zero reveals dangerous vulnerabilities in OS X Yosemite 10.10.2

Google reveals three dangerous OS X vulnerabilities.

Google Project Zero

Google Project Zero is the name given to the security team within Google whose role is to discover vulnerabilities in various software programs. Today, the team publicly disclosed a series of OS X vulnerabilities that have been reported to Apple since October; they have already been fixed in the beta version of OS X Yosemite 10.10.2.

According to Google Project Zero, the OS X vulnerabilities are based on memory corruption, kernel code execution and the possibility of removing application writing restrictions. Along with the information on the existing vulnerabilities, Google also provided details on how they can be exploited on users' Macs, so anyone could use them.

At first glance, none of them appear to be highly critical, since all three appear to require the attacker to already have some access to a targeted machine. Still, the exploits could be combined with a separate attack to elevate lower-level privileges and gain control over vulnerable Macs. And since the disclosures contain proof-of-concept exploit code, they provide enough technical detail for experienced hackers to write malicious attacks that target the previously unknown vulnerabilities.

Although the vulnerabilities require hackers to gain physical access to Macs to exploit them, Apple has still fixed them in OS X Yosemite 10.2.2, although this version of the operating system is not publicly available. Considering that Google has published information regarding these vulnerabilities, there is a possibility that Apple will accelerate the release of OS X Yosemite 10.2.2; the new version of the operating system may appear today or on Monday.

Google Project Zero normally gives software producers 90 days from the moment of notification to fix their vulnerabilities; in Apple's case, this term expires this week. No one knows why Apple waited until the last moment to update its operating system, but it probably didn't manage to solve its problems quickly enough.