Google, in the past few days, has leaked a total of three, severe OSX Yosemite vulnerabilities under its Project-Zero program. This comes after Google disclosed (twice) similar flaws in Windows, despite the harsh-worded response it received from Microsoft.
The first flaw, titled “OS X networkd “effective_audit_token” XPC type confusion sandbox escape (with exploit)” talks about how a potential exploiter could find a way around certain network commands in the OSX Yosemite. The flaw has been detailed out, along with the code snippet that could be used to exploit this flaw.
The second vulnerability, titled “OS X IOKit kernel code execution due to NULL pointer dereference in Intel Accelerator” talks about calling IOConnectMapMemory on userclient type 2 of “IntelAccelerator” with memory type 3 hits an exploitable kernel NULL pointer dereference calling a virtual function on an object at 0x0.
And lastly, the third flaw talks about “OS X IOKit kernel memory corruption due to bad bzero in IO Bluetooth Device”. A hacker could use a bluetooth device connected to OS X system to corrupt the kernel memory.
Though the flaws are severe, these loopholes can only be exploited when the attacker has access to a targeted Mac. However, if the attacker does get access, it could easily use the above mentioned flaws to take over the machine.
Google’s Project Zero gives a 90-day deadline to the vendor to fix the vulnerabilities upon their detection. However if the flaws aren;t fixed, Google published the flaw, along with the code that could be used to exploit the targeted system.
This is the third big vulnerability disclosure by Google under its Project Zero initiative in past month. It earlier disclosed sever flaws in Windows OS, for which it received an equally severe backlash from Microsoft. However, Google went on to publish another round of flaws, though they were termed less severe by Microsoft.
IMAGE : FLICKR / CC 2.0 / Chris Messina