Apple's OS X 10.10.2 to Fix Security Vulnerabilities Exposed by Google's Project Zero

by

Google's security team, Project Zero, this week disclosed to the public several security vulnerabilities in OS X, some three months after the issue were shared with Apple (via Ars Technica). While Apple has not commented officially on the issues, it appears one has already been patched and iMore reports the remaining two are fixed in OS X 10.10.2, which is currently in developer testing.

macbook_air_yosemite
Project Zero works to discover security vulnerabilities of various operating systems and software, giving their owners 90 days notice to patch the issues before publishing their findings to the public. In their markup of Apple's OS X, problems involving memory corruption, kernel code execution, and a sandbox escape were all discovered by the team. Ars Technica notes:

At first glance, none of them appear to be highly critical, since all three appear to require the attacker to already have some access to a targeted machine. [...]

Still, the exploits could be combined with a separate attack to elevate lower-level privileges and gain control over vulnerable Macs. And since the disclosures contain proof-of-concept exploit code, they provide enough technical detail for experienced hackers to write malicious attacks that target the previously unknown vulnerabilities.

As the 90-day deadline hit during the week, the group began posting its findings online. Google's notes suggest one of the vulnerabilities was fixed with the release of OS X Yosemite, while the other two remained unaddressed.

But as pointed out by iMore, Apple's incoming OS X 10.10.2 update does indeed include fixes for the remaining two vulnerabilities exposed by Project Zero.

[B]ased on the latest build of OS X 10.10.2, seeded [Wednesday] to developers, Apple has already fixed all of the vulnerabilities listed above. That means the fixes will be available to everyone running Yosemite as soon as 10.10.2 goes into general availability.

Google's Project Zero has been disclosing significant security vulnerabilities for a number of months now, previously discovering a few significant Windows issues and sharing them online. The project shines light on much-needed fixes to various operating systems, but sometimes undercuts the point of security, as in that Windows case that's left users' systems more vulnerable with the publicized knowledge before Microsoft could properly fix it. Still, the 90-day window before public disclosure is intended to give companies time to fix the issues while also giving them incentive to do so in a timely fashion.

Tags: OS X 10.10.2, Project Zero

Popular Stories

iOS 26

iOS 26.4 and iOS 27 Features Revealed in New Leak

Friday December 12, 2025 10:56 am PST by
Macworld's Filipe Espósito today revealed a handful of features that Apple is allegedly planning for iOS 26.4, iOS 27, and even iOS 28. The report said the features are referenced within the code for a leaked internal build of iOS 26 that is not meant to be seen by the public. However, it appears that Espósito and/or his sources managed to gain access to it, providing us with a sneak peek...
Read Full Article86 comments
iOS 26

iOS 26.2 Coming Soon With These 8 New Features on Your iPhone

Thursday December 11, 2025 8:49 am PST by
Apple seeded the second iOS 26.2 Release Candidate to developers earlier this week, meaning the update will be released to the general public very soon. Apple confirmed iOS 26.2 would be released in December, but it did not provide a specific date. We expect the update to be released by early next week. iOS 26.2 includes a handful of new features and changes on the iPhone, such as a new...
Read Full Article82 comments
iOS 26

Apple Releases iOS 26.2 With Alarms for Reminders, Lock Screen Changes, Enhanced Safety Alerts and More

Friday December 12, 2025 10:10 am PST by
Apple today released iOS 26.2, the second major update to the iOS 26 operating system that came out in September, iOS 26.2 comes a little over a month after iOS 26.1 launched. ‌iOS 26‌.2 is compatible with the ‌iPhone‌ 11 series and later, as well as the second-generation ‌iPhone‌ SE. The new software can be downloaded on eligible iPhones over-the-air by going to Settings >...
Read Full Article111 comments
AirPods Pro Firmware Feature

Apple Releases New Firmware for AirPods Pro 2 and AirPods Pro 3

Thursday December 11, 2025 11:28 am PST by
Apple today released new firmware designed for the AirPods Pro 3 and the prior-generation AirPods Pro 2. The AirPods Pro 3 firmware is 8B30, up from 8B25, while the AirPods Pro 2 firmware is 8B28, up from 8B21. There's no word on what's include in the updated firmware, but the AirPods Pro 2 and AirPods Pro 3 are getting expanded support for Live Translation in the European Union in iOS...
Read Full Article68 comments
macOS Tahoe 26 Thumb

Apple Releases macOS Tahoe 26.2 With Edge Light

Friday December 12, 2025 10:08 am PST by
Apple today released macOS Tahoe 26.2, the second major update to the macOS Tahoe operating system that came out in September. macOS Tahoe 26.2 comes five weeks after Apple released macOS Tahoe 26.1. Mac users can download the macOS Tahoe update by using the Software Update section of System Settings. macOS Tahoe 26.2 includes Edge Light, a feature that illuminates your face with soft...
Read Full Article97 comments
AirTag 2 Mock Feature

Apple AirTag 2: Four New Features Found in iOS 26 Code

Thursday December 11, 2025 10:31 am PST by
The AirTag 2 will include a handful of new features that will improve tracking capabilities, according to a new report from Macworld. The site says that it was able to access an internal build of iOS 26, which includes references to multiple unreleased products. Here's what's supposedly coming: An improved pairing process, though no details were provided. AirTag pairing is already...
Read Full Article38 comments
ipados 26 1 slide over

Apple Releases iPadOS 26.2 With Multitasking Improvements

Friday December 12, 2025 10:09 am PST by
Apple today released iPadOS 26.2, the second major update to the iPadOS 26 operating system released in September. iPadOS 26.2 comes a month after iPadOS 26.1. The new software can be downloaded on eligible iPads over-the-air by going to Settings > General > Software Update. iPadOS 26.2 continues with the multitasking improvements that were added with iPadOS 26.1. You can now drag and...
Read Full Article20 comments
bug security vulnerability issue fix larry

Update Now: iOS 26.2 Fixes 20+ Security Vulnerabilities

Friday December 12, 2025 11:11 am PST by
Apple today released iOS 26.2, iPadOS 26.2, and macOS 26.2, all of which introduce new features, bug fixes, and security improvements. Apple says that the updates address over 20 vulnerabilities, including two bugs that are known to have been actively exploited. There are a pair of WebKit vulnerabilities that could allow maliciously crafted web content to execute code or cause memory...
Read Full Article97 comments

Top Rated Comments

bawbac Avatar
bawbac
142 months ago
Google is playing dirty.

How?
They could expose the issue without the 90 day grace period if they wanted to be dirty.
Score: 37 Votes (Like | Disagree)
Keirasplace Avatar
Keirasplace
142 months ago
Anyone hear that that explosion at Cupertino?

The irony that Android right now is biggest botnet source in the world right now because of crap level security and upgrade policy... That I could have 100+ separate security patches for Microsoft in one year... Makes Apple pretty secure from any derision from the likes of Google or Microsoft.
Score: 16 Votes (Like | Disagree)
maflynn Avatar
maflynn
142 months ago
Google is playing dirty.

You mean by communicating that OS X has security holes, how's that dirty? It will now at the very least get addressed by Apple
Score: 15 Votes (Like | Disagree)
genovelle Avatar
genovelle
142 months ago
You mean by communicating that OS X has security holes, how's that dirty? It will now at the very least get addressed by Apple

Because they have holes in their own OS that remain open for months that they don't report on. Before a company starts searching for and reporting flaws in someone else's product, that should devote those resources to fixing their own mess.
Score: 14 Votes (Like | Disagree)
jay_app Avatar
jay_app
142 months ago
Google has a disingenuous agenda on this. Where are all the hundreds of issues with Andriod, Chrome OS, gmail, etc? They will not mention them. Should Microsoft or Apple publish Google's issues after 90 days. The list would be very long.
Score: 13 Votes (Like | Disagree)
admmasters Avatar
admmasters
142 months ago
How about Google actually fix their own bugs?

Pretty annoyed at Google at the moment considering Lollipop's widely reported issues and bugs such as this which they consider obsolete, but clearly aren't (reproducible on Macbook Pro Retina Late 2013 + Yosemite 10.10.1): https://code.google.com/p/android/issues/detail?id=39548

Those in glass houses...
Score: 11 Votes (Like | Disagree)
Read All Comments