Google keeps firing shots at its competition. This time, the researchers from Google's security team called Project Zero came forward with three OS X vulnerabilities that haven't been patched yet. According to analysts, all three of these flaws pose a severe security threat and all of them have been reported to Apple back in October 2014, but the Cupertino-based company failed to fix them in time. According to the Project Zero rules, each newly found vulnerability is disclosed to the general public 90 days after its discovery, and this week the allotted time interval has expired.
The found vulnerabilities are:
- "OS X networked "effective_audit_token" XPC type confusion sandbox escape," - a flaw that allows hackers to bypass commands in the network system.
- "OS X IOKit kernel code execution due to NULL pointer dereference in IntelAccelerator."
- "OS X IOKit kernel memory corruption due to bad bzero in IOBluetoothDevice." - a glitch that lets ill-intentioned people to exploit the OS kernel structure.
Even though the attacker will first need to have access to the Mac in order to exploit any of these vulnerabilities, they still pose a severe security threats as they enable hackers to elevate their privileges and completely take over the machine. Along with the flaws, Google's researchers also published proof-of-concept exploits, to demonstrate exactly how each of them works. Hopefully, Apple's engineers will be able to fix these issues as soon as possible.