Google detects three Apple zero-day velnerabilities

Google detects three Apple zero-day velnerabilities

Google’s vulnerability research team, Project Zero has disclosed information on three zero-day vulnerabilities in Apple’s OS X platform.

Earlier this month, Google researchers have also targeted Microsoft’s Windows 8.1 platform for a shakedown, with one vulnerability identified. An independent researcher, Graham Cluley that was an employee of a former security vendor, Sophos, condemned Google’s publication of the zero-day exploits. He also branded their behavior as schoolboy antics.

Cluley wrote the following: “Isn’t it about time they grew up, and acted responsibly for the safety of internet user?” He added that Google’s own Android operating system had several unpatched flaws.

Over the past six days, Project Zero has published details of three OS X vulnerabilities and they have been rated as high severity by the research team.

The researches said that all three flaws require an attacker to have some level of access to the target machine.

However, the team warned that when these are combined with a separate attack, it could be used to elevate privileges and gain system-wide access on vulnerable Macs.

Google said that these vulnerabilities (for which it has provided proof-of-concept exploit code) had been reported to Apple at the end of October last year, as per the three-month timeline for reporting vulnerabilities for Project Zero.

The first flaw allows an attacker to pass arbitrary commands to the networkd OS X system daemon because it does not check its input correctly. The severity of the flaw is exacerbated because networkd runs as a privileged account and so it has system-wide access.

The second and third flaws relate to OS X’s low-level I/OKit kernel framework.

One of them gives local users (who can execute code) root or superuser access through null pointer dereferencing. This allows privilege escalation.

Another gives an attacker the ability to writ straight into the kernel memory. This allows them to potentially crash systems or access private data.