Apple's OS X 10.10.2 to Fix Security Vulnerabilities Exposed by Google's Project Zero

Google's security team, Project Zero, this week disclosed to the public several security vulnerabilities in OS X, some three months after the issue were shared with Apple (via Ars Technica). While Apple has not commented officially on the issues, it appears one has already been patched and iMore reports the remaining two are fixed in OS X 10.10.2, which is currently in developer testing.

macbook_air_yosemite
Project Zero works to discover security vulnerabilities of various operating systems and software, giving their owners 90 days notice to patch the issues before publishing their findings to the public. In their markup of Apple's OS X, problems involving memory corruption, kernel code execution, and a sandbox escape were all discovered by the team. Ars Technica notes:

At first glance, none of them appear to be highly critical, since all three appear to require the attacker to already have some access to a targeted machine. [...]

Still, the exploits could be combined with a separate attack to elevate lower-level privileges and gain control over vulnerable Macs. And since the disclosures contain proof-of-concept exploit code, they provide enough technical detail for experienced hackers to write malicious attacks that target the previously unknown vulnerabilities.

As the 90-day deadline hit during the week, the group began posting its findings online. Google's notes suggest one of the vulnerabilities was fixed with the release of OS X Yosemite, while the other two remained unaddressed.

But as pointed out by iMore, Apple's incoming OS X 10.10.2 update does indeed include fixes for the remaining two vulnerabilities exposed by Project Zero.

[B]ased on the latest build of OS X 10.10.2, seeded [Wednesday] to developers, Apple has already fixed all of the vulnerabilities listed above. That means the fixes will be available to everyone running Yosemite as soon as 10.10.2 goes into general availability.

Google's Project Zero has been disclosing significant security vulnerabilities for a number of months now, previously discovering a few significant Windows issues and sharing them online. The project shines light on much-needed fixes to various operating systems, but sometimes undercuts the point of security, as in that Windows case that's left users' systems more vulnerable with the publicized knowledge before Microsoft could properly fix it. Still, the 90-day window before public disclosure is intended to give companies time to fix the issues while also giving them incentive to do so in a timely fashion.

Top Rated Comments

bawbac Avatar
76 months ago

Google is playing dirty.


How?
They could expose the issue without the 90 day grace period if they wanted to be dirty.
Score: 37 Votes (Like | Disagree)
Keirasplace Avatar
76 months ago

Anyone hear that that explosion at Cupertino?


The irony that Android right now is biggest botnet source in the world right now because of crap level security and upgrade policy... That I could have 100+ separate security patches for Microsoft in one year... Makes Apple pretty secure from any derision from the likes of Google or Microsoft.
Score: 16 Votes (Like | Disagree)
maflynn Avatar
76 months ago

Google is playing dirty.


You mean by communicating that OS X has security holes, how's that dirty? It will now at the very least get addressed by Apple
Score: 15 Votes (Like | Disagree)
genovelle Avatar
76 months ago

You mean by communicating that OS X has security holes, how's that dirty? It will now at the very least get addressed by Apple


Because they have holes in their own OS that remain open for months that they don't report on. Before a company starts searching for and reporting flaws in someone else's product, that should devote those resources to fixing their own mess.
Score: 14 Votes (Like | Disagree)
jay_app Avatar
76 months ago
Google has a disingenuous agenda on this. Where are all the hundreds of issues with Andriod, Chrome OS, gmail, etc? They will not mention them. Should Microsoft or Apple publish Google's issues after 90 days. The list would be very long.
Score: 13 Votes (Like | Disagree)
admmasters Avatar
76 months ago
How about Google actually fix their own bugs?

Pretty annoyed at Google at the moment considering Lollipop's widely reported issues and bugs such as this which they consider obsolete, but clearly aren't (reproducible on Macbook Pro Retina Late 2013 + Yosemite 10.10.1): https://code.google.com/p/android/issues/detail?id=39548

Those in glass houses...
Score: 11 Votes (Like | Disagree)

Top Stories

Apple Watc black friday 20 sale feature

Apple Black Friday 2020: Best Apple Watch Deals [Updated]

Wednesday November 25, 2020 4:01 pm PST by
Black Friday sales have begun on a variety of products, including the Apple Watch. There are quite a few deals across the Apple Watch lineup this year, including one of the lowest price we've ever seen the Apple Watch Series 3. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the...
m1 chip macbook air pro

Kuo: Redesigned MacBooks With Apple Silicon to Launch in Second Half of 2021

Tuesday November 24, 2020 7:53 pm PST by
Apple plans to release additional MacBook models with Apple Silicon in the second half of 2021, according to analyst Ming-Chi Kuo, as part of the company's two-year transition away from Intel processors across its Mac lineup. In a research note today, obtained by MacRumors, Kuo said that these MacBook models will feature a new design. Kuo did not specify which models these will be, but he...
AirPods Pro black friday 20 sale feature 2

Black Friday 2020: AirPods Pro Reach Lowest Price Ever [Updated]

Wednesday November 25, 2020 3:22 pm PST by
Black Friday has kicked off this week, and one of the first major sales for the AirPods Pro is available right now on Walmart. You can find this deal below, along with a few other solid discounts on the regular AirPods. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site...
13 16 inch macbook pro air trio

Reliable Leaker Suggests Redesigned MacBooks in 2021 Will Include Both Apple Silicon and Intel Models

Wednesday November 25, 2020 9:15 am PST by
Reliable leaker known as "L0vetodream" has today suggested on Twitter that redesigned MacBooks coming in the second half of 2021 will include models with both Apple Silicon chips and Intel processors. The brief Tweet came in response to a MacRumors article from earlier today, which outlined a report from Ming-Chi Kuo claiming that Apple plans to release redesigned MacBook models with Apple ...
General black friday 20 sale feature

Thanksgiving Day Deals Still Available on AirPods, M1 Macs, Apple Watch Series 6, iPads

Thursday November 26, 2020 10:21 am PST by
Black Friday deals seem to start earlier and earlier every year, so there were already a wide variety of discounts available for Apple products on Thanksgiving Day. Many of the deals remain available even after Thanksgiving, but act fast, as inventory quickly fluctuates. Thanksgiving Day Deals on Apple Products — Still Available:AirPods with a wireless charging case remain available for...
iPads black friday 20 sale feature

Apple Black Friday 2020: Best iPad Deals [Updated]

Tuesday November 24, 2020 8:51 am PST by
Black Friday is underway, and we're tracking discounts across Apple's lineup of iPads, including the current-generation 10.2-inch iPad, iPad Air, and iPad Pro. We'll be keeping this post updated as new deals appear and current ones expire, so be sure to keep checking back for the latest. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a...
mac mini macbook pro macbook air

Apple M1 Hands-On Comparison: MacBook Air vs. MacBook Pro vs. Mac Mini

Monday November 23, 2020 3:40 pm PST by
Apple's M1 Macs are out in the wild now, but ahead of the holidays, you might still be trying to figure out which one to pick up, either for yourself or as a gift for someone else. We've got all three of the new Macs available, so we thought we'd give MacRumors readers a hands-on overview of each machine in our latest YouTube video. Subscribe to the MacRumors YouTube channel for more videos. ...
windows 10

Developer Successfully Virtualizes Windows for Arm on M1 Mac

Friday November 27, 2020 7:16 am PST by
Developer Alexander Graf has successfully virtualized the Arm version of Windows on an M1 Mac, proving that the M1 chip is capable of running Microsoft's operating system (via The 8-Bit). Currently, Macs with the M1 chip do not support Windows and there is no Boot Camp feature as there is on Intel Macs, but support for Windows is a feature that many users would like to see. Using the...
apple park drone june 2018 2

Apple's Global Security Chief Indicted in Scheme to Trade iPads for Gun Permits, but Apple Says It's Found No Wrongdoing

Wednesday November 25, 2020 9:41 am PST by
Earlier this week, Apple's Chief Security Offier Thomas Moyer and others were charged in an expanding investigation involving the Santa Clara County Sheriff's Office over exchanging bribes for concealed gun permits, reported the Morgan Hill Times. According to the investigation, Santa Clara County Undersheriff Rick Sung held back four concealed carry weapons permits for Apple's security team ...
iPad Pro 5G and Mini LED feature

Rumored 2021 High-End iPad Pro May Feature 5G With mmWave Support

Thursday November 26, 2020 2:14 am PST by
Apple's rumored high-end iPad Pro models to be released next year will be 5G-enabled with mmWave support, according to sources cited by industry publication DigiTimes. Multiple rumors have suggested Apple is planning to release a high-end 12.9-inch iPad Pro with a mini-LED display next year, with the possibility that there will be an 11-inch mini-LED model too, but details beyond that have...