www. O S N E W S .com
News Features Interviews
BlogContact Editorials

Google publishes three 90-day OS X vulnerabilities
By Thom Holwerda on 2015-01-23 23:00:44

Don't look now, but Google's Project Zero vulnerability research program may have dropped more zero-day vulnerabilities - this time on Apple's OS X platform.

In the past two days, Project Zero has disclosed OS X vulnerabilities here, here, and here. At first glance, none of them appear to be highly critical, since all three appear to require the attacker to already have some access to a targeted machine. What's more, the first vulnerability, the one involving the "networkd 'effective_audit_token' XPC," may already have been mitigated in OS X Yosemite, but if so the Google advisory doesn't make this explicit and Apple doesn't publicly discuss security matters with reporters.

You'd think a writer at Ars Technica was aware of what a zero-day is. These are 90-days, meaning Google is giving - int his case - Apple two to three times as long as industry sort-of standard (which is 30-45 days). Of course, Google dropping zero-days on Apple will draw a lot more clicks, but that doesn't make it any less bullshit. Then again, it isn't like this is the first time this particular author sensationalises to the point of ridiculousness.

The other points from before, of course, still stand. In addition, it'd be great if other companies started combing through Google's stuff too.

7  Comments - Printer friendly - Related stories
Recent related stories
- "We need to document macOS" - 2017-08-13
- Building the XNU kernel on Mac OS X Sierra - 2017-07-13
- Apple showcases macOS High Sierra - 2017-06-05
- Hackintoshes show that Apple should just build a Mac tower - 2017-05-01
- Darwin 0.1 and Rhapsody DR 2 booted - 2017-04-24
- More related articles
 

Tell a friend
Your full name:
Your email address:
Your friend's email:
Anti-spam measure:
5+2=

News Features Interviews
BlogContact Editorials


WAP site - RSS feed
© OSNews LLC 1997-2007. All Rights Reserved.
The readers' comments are owned and a responsibility of whoever posted them.
Prefer the desktop version of OSNews?