Apple's OS X 10.10.2 to Fix Security Vulnerabilities Exposed by Google's Project Zero

Google's security team, Project Zero, this week publicly disclosed several security vulnerabilities in OS X, some three months after the issues were shared with Apple (via Ars Technica). While Apple has not commented officially on the issues, it appears one has already been patched and iMore reports the remaining two are fixed in OS X 10.10.2, which is currently in developer testing.

Project Zero works to discover security vulnerabilities in various operating systems and software, giving their owners 90 days' notice to patch the issues before publishing its findings. In its examination of Apple's OS X, the team discovered problems involving memory corruption, kernel code execution, and a sandbox escape. Ars Technica notes:

At first glance, none of them appear to be highly critical, since all three appear to require the attacker to already have some access to a targeted machine. [...]

Still, the exploits could be combined with a separate attack to elevate lower-level privileges and gain control over vulnerable Macs. And since the disclosures contain proof-of-concept exploit code, they provide enough technical detail for experienced hackers to write malicious attacks that target the previously unknown vulnerabilities.

As the 90-day deadline hit during the week, the group began posting its findings online. Google's notes suggest one of the vulnerabilities was fixed with the release of OS X Yosemite, while the other two remained unaddressed.

But as pointed out by iMore, Apple's incoming OS X 10.10.2 update does indeed include fixes for the remaining two vulnerabilities exposed by Project Zero.

[B]ased on the latest build of OS X 10.10.2, seeded [Wednesday] to developers, Apple has already fixed all of the vulnerabilities listed above. That means the fixes will be available to everyone running Yosemite as soon as 10.10.2 goes into general availability.

Google's Project Zero has been disclosing significant security vulnerabilities for a number of months now, previously discovering a few significant Windows issues and sharing them online. The project shines light on much-needed fixes to various operating systems, but sometimes undercuts the point of security, as in the Windows case, where the publicized knowledge left users' systems more vulnerable before Microsoft could properly fix the issue. Still, the 90-day window before public disclosure is intended to give companies time to fix the issues while also giving them incentive to do so in a timely fashion.

Top Rated Comments

bawbac
83 months ago
Google is playing dirty.

How?
They could expose the issue without the 90 day grace period if they wanted to be dirty.
Score: 37 Votes
Keirasplace
83 months ago
Anyone hear that explosion at Cupertino?

The irony that Android right now is biggest botnet source in the world right now because of crap level security and upgrade policy... That I could have 100+ separate security patches for Microsoft in one year... Makes Apple pretty secure from any derision from the likes of Google or Microsoft.
Score: 16 Votes
maflynn
83 months ago
Google is playing dirty.

You mean by communicating that OS X has security holes, how's that dirty? It will now at the very least get addressed by Apple
Score: 15 Votes
genovelle
83 months ago
You mean by communicating that OS X has security holes, how's that dirty? It will now at the very least get addressed by Apple

Because they have holes in their own OS that remain open for months that they don't report on. Before a company starts searching for and reporting flaws in someone else's product, they should devote those resources to fixing their own mess.
Score: 14 Votes
jay_app
83 months ago
Google has a disingenuous agenda on this. Where are all the hundreds of issues with Android, Chrome OS, Gmail, etc.? They will not mention them. Should Microsoft or Apple publish Google's issues after 90 days? The list would be very long.
Score: 13 Votes
admmasters
83 months ago
How about Google actually fix their own bugs?

Pretty annoyed at Google at the moment considering Lollipop's widely reported issues and bugs such as this which they consider obsolete, but clearly aren't (reproducible on Macbook Pro Retina Late 2013 + Yosemite 10.10.1): https://code.google.com/p/android/issues/detail?id=39548

Those in glass houses...
Score: 11 Votes
