Apple's OS X 10.10.2 to Fix Security Vulnerabilities Exposed by Google's Project Zero

by

Google's security team, Project Zero, this week disclosed to the public several security vulnerabilities in OS X, some three months after the issue were shared with Apple (via Ars Technica). While Apple has not commented officially on the issues, it appears one has already been patched and iMore reports the remaining two are fixed in OS X 10.10.2, which is currently in developer testing.

macbook_air_yosemite
Project Zero works to discover security vulnerabilities of various operating systems and software, giving their owners 90 days notice to patch the issues before publishing their findings to the public. In their markup of Apple's OS X, problems involving memory corruption, kernel code execution, and a sandbox escape were all discovered by the team. Ars Technica notes:

At first glance, none of them appear to be highly critical, since all three appear to require the attacker to already have some access to a targeted machine. [...]

Still, the exploits could be combined with a separate attack to elevate lower-level privileges and gain control over vulnerable Macs. And since the disclosures contain proof-of-concept exploit code, they provide enough technical detail for experienced hackers to write malicious attacks that target the previously unknown vulnerabilities.

As the 90-day deadline hit during the week, the group began posting its findings online. Google's notes suggest one of the vulnerabilities was fixed with the release of OS X Yosemite, while the other two remained unaddressed.

But as pointed out by iMore, Apple's incoming OS X 10.10.2 update does indeed include fixes for the remaining two vulnerabilities exposed by Project Zero.

[B]ased on the latest build of OS X 10.10.2, seeded [Wednesday] to developers, Apple has already fixed all of the vulnerabilities listed above. That means the fixes will be available to everyone running Yosemite as soon as 10.10.2 goes into general availability.

Google's Project Zero has been disclosing significant security vulnerabilities for a number of months now, previously discovering a few significant Windows issues and sharing them online. The project shines light on much-needed fixes to various operating systems, but sometimes undercuts the point of security, as in that Windows case that's left users' systems more vulnerable with the publicized knowledge before Microsoft could properly fix it. Still, the 90-day window before public disclosure is intended to give companies time to fix the issues while also giving them incentive to do so in a timely fashion.

Tags: OS X 10.10.2, Project Zero

Popular Stories

Golden Apple Logo

Every Apple Secret That Leaked Wednesday

Thursday August 14, 2025 4:13 am PDT by
Apple made a major slip Wednesday when it accidentally included hardware identifiers in software code linking to numerous unannounced products. The leaked information provided MacRumors with concrete evidence of Apple's hardware development across multiple product categories. Here's everything that was confirmed through the code discoveries: New HomePod mini with updated chip – New...
Read Full Article54 comments
iPhone 17 Pro Dark Blue and Orange

iPhone 17 Pro to Start at $1,049 With Doubled Base Storage

Wednesday August 13, 2025 1:45 am PDT by
Apple's upcoming iPhone 17 Pro will have a starting price that is $50 more than the iPhone 16 Pro but it will come with a minimum 256GB of storage, doubling the base capacity compared to last year's model. The information comes from Chinese leaker Instant Digital, posting on Weibo. The account, which has 1.5 million followers, has now made the claim three separate times in recent weeks....
Read Full Article128 comments
iPhone 17 Pro 3 4ths Perspective Aluminum Camera Module 1

Alleged iPhone 17 Pro Chassis Offers First Look at All-Aluminum Body

Thursday August 14, 2025 3:40 am PDT by
An alleged iPhone 17 Pro production leak may provide a first look at the device's milled all-aluminum chassis, which this year includes the camera bump – in contrast to last year's iPhone 16 Pro model that features a glass camera module attached to an all-glass back panel. Originally shared by leaker Majin Bu, the image below could be of a moulding, but it still lines up with rumors that...
Read Full Article89 comments
iPhone 17 Pro Feature Dual

When Will Apple Announce the iPhone 17 Event?

Tuesday August 12, 2025 12:46 pm PDT by
It is now mid-August, meaning that Apple's annual iPhone event is just around the corner. This year, Apple is expected to unveil the iPhone 17, the all-new iPhone 17 Air, the iPhone 17 Pro, and the iPhone 17 Pro Max. Here are some of the key rumors for those devices:iPhone 17: Same design as iPhone 16, but with an A19 chip, a larger 6.3-inch display, an upgraded 24-megapixel front camera, ...
Read Full Article38 comments
maxresdefault

Top 5 Features Coming to the Apple Watch Ultra 3

Tuesday August 12, 2025 11:48 am PDT by
We're just about a month away from Apple's annual September event, and we're going to get a new version of the Apple Watch Ultra for the first time since 2023. There are some useful new features rumored for the Apple Watch Ultra 3, which we've summarized below. Subscribe to the MacRumors YouTube channel for more videos. Satellite Connectivity - The Apple Watch Ultra 3 will be the first...
Read Full Article69 comments
Apple TV 2025 Thumb 2

New Apple TV Coming Later This Year With A17 Pro Chip

Wednesday August 13, 2025 5:29 pm PDT by
Rumors suggest that Apple is working on an updated version of the Apple TV that's slated for launch later this year. Information about the upcoming device that was found in Apple code indicates that it will be equipped with the A17 Pro chip. There have been multiple rumors about a new Apple TV coming in 2025 with a new A-series processor, but it hasn't been clear which chip Apple would use...
Read Full Article119 comments
Generic iOS 18

Apple Says iOS 18.6.1 is Coming Today

Thursday August 14, 2025 7:29 am PDT by
In case you missed it — this is the post for people who mainly only read headlines — Apple has announced that it will be releasing iOS 18.6.1 and watchOS 11.6.1 later today. Apple shared this information in a press release on its Newsroom website. The software updates will re-enable the Blood Oxygen feature on Apple Watch Series 9, Series 10, and Ultra 2 models sold in the United States....
Read Full Article58 comments
ios 26 liquid glass lock screen beta 6

Apple Changes Liquid Glass Again in iOS 26 Beta 6

Monday August 11, 2025 12:09 pm PDT by
Apple is continuing to tweak the way that the Liquid Glass design looks ahead of the iOS 26 launch, and the latest beta makes a change to the Lock Screen. The Lock Screen clock has been updated with additional transparency, allowing more of the background to peek through. Beta 6 on left, beta 5 on right The clock also has more of a 3D, floating look, which is in line with the rest of the ...
Read Full Article191 comments
iPhone 17 Pro on Desk Centered 1

iPhone 17 Pro Just Weeks Away — Here Are the Top 4 Rumored Features

Wednesday August 13, 2025 7:59 am PDT by
Apple's annual iPhone event is just around the corner, with the iPhone 17 series expected to be announced in early September, and availability to follow later in the month. As always, the Pro and Pro Max models will have the most new features. Below, we have recapped rumors about four of the most interesting iPhone 17 Pro features. This list is subjective, of course, so sound off in the...
Read Full Article11 comments

Top Rated Comments

bawbac Avatar
bawbac
138 months ago
Google is playing dirty.

How?
They could expose the issue without the 90 day grace period if they wanted to be dirty.
Score: 37 Votes (Like | Disagree)
Keirasplace Avatar
Keirasplace
138 months ago
Anyone hear that that explosion at Cupertino?

The irony that Android right now is biggest botnet source in the world right now because of crap level security and upgrade policy... That I could have 100+ separate security patches for Microsoft in one year... Makes Apple pretty secure from any derision from the likes of Google or Microsoft.
Score: 16 Votes (Like | Disagree)
maflynn Avatar
maflynn
138 months ago
Google is playing dirty.

You mean by communicating that OS X has security holes, how's that dirty? It will now at the very least get addressed by Apple
Score: 15 Votes (Like | Disagree)
genovelle Avatar
genovelle
138 months ago
You mean by communicating that OS X has security holes, how's that dirty? It will now at the very least get addressed by Apple

Because they have holes in their own OS that remain open for months that they don't report on. Before a company starts searching for and reporting flaws in someone else's product, that should devote those resources to fixing their own mess.
Score: 14 Votes (Like | Disagree)
jay_app Avatar
jay_app
138 months ago
Google has a disingenuous agenda on this. Where are all the hundreds of issues with Andriod, Chrome OS, gmail, etc? They will not mention them. Should Microsoft or Apple publish Google's issues after 90 days. The list would be very long.
Score: 13 Votes (Like | Disagree)
admmasters Avatar
admmasters
138 months ago
How about Google actually fix their own bugs?

Pretty annoyed at Google at the moment considering Lollipop's widely reported issues and bugs such as this which they consider obsolete, but clearly aren't (reproducible on Macbook Pro Retina Late 2013 + Yosemite 10.10.1): https://code.google.com/p/android/issues/detail?id=39548

Those in glass houses...
Score: 11 Votes (Like | Disagree)
Read All Comments