Google finds three severe zero-day vulnerabilities in Apple’s OS X
Apple does not have a flawless operating system, and Google has pointed out three flaws in it. Researchers with Google’s Project Zero security team have revealed three vulnerabilities in Apple’s OS X operating system, all of them marked as severe.
ZDNet reported that though the zero-day vulnerabilities are severe, an attacker needs to have physical access to the targeted Mac.
ZDNet reported, “The first flaw, 'OS X networkd "effective_audit_token" XPC type confusion sandbox escape,' which involves circumvention of commands in the network system, may be mitigated in OS X Yosemite, but there is no clear explanation of whether this is the case. The second vulnerability documents 'OS X IOKit kernel code execution due to NULL pointer dereference in Intel Accelerator,' and finally, the third, 'OS X IOKit kernel memory corruption due to bad bzero in IOBluetoothDevice,' includes an exploit related to OS X's kernel structure.”
Each of these vulnerabilities includes a proof-of-concept exploit, disclosed by Google’s Project Zero team. The flaws were reported to Apple in October 2014, but Apple has yet to fix them. Last week, Google’s research team made the vulnerabilities public. Details of vulnerabilities reported by the Project Zero team are automatically made public once a 90-day deadline has passed.
ZDNet also reported that Google’s team, which was launched in 2014, has found flaws in Microsoft’s Windows operating system as well.
Apple states that it does not disclose, discuss or confirm any security issues until it has completed a full investigation and any necessary patches or releases are available. This is done to protect its customers.