www. O S N E W S .com
News Features Interviews
BlogContact Editorials

Google publishes three 90-day OS X vulnerabilities
By Thom Holwerda on 2015-01-23 23:00:44

Don't look now, but Google's Project Zero vulnerability research program may have dropped more zero-day vulnerabilities - this time on Apple's OS X platform.

In the past two days, Project Zero has disclosed OS X vulnerabilities here, here, and here. At first glance, none of them appear to be highly critical, since all three appear to require the attacker to already have some access to a targeted machine. What's more, the first vulnerability, the one involving the "networkd 'effective_audit_token' XPC," may already have been mitigated in OS X Yosemite, but if so the Google advisory doesn't make this explicit and Apple doesn't publicly discuss security matters with reporters.

You'd think a writer at Ars Technica was aware of what a zero-day is. These are 90-days, meaning Google is giving - int his case - Apple two to three times as long as industry sort-of standard (which is 30-45 days). Of course, Google dropping zero-days on Apple will draw a lot more clicks, but that doesn't make it any less bullshit. Then again, it isn't like this is the first time this particular author sensationalises to the point of ridiculousness.

The other points from before, of course, still stand. In addition, it'd be great if other companies started combing through Google's stuff too.

7  Comments - Printer friendly - Related stories
Recent related stories
- Reverse engineering the macOS High Sierra supplemental update - 2017-10-09
- Apple open-sourced iOS and macOS kernel for ARM - 2017-10-02
- Apple releases macOS High Sierra - 2017-09-26
- Apple sets release dates for macOS High Sierra, iOS 11 - 2017-09-12
- "We need to document macOS" - 2017-08-13
- More related articles
 

Tell a friend
Your full name:
Your email address:
Your friend's email:
Anti-spam measure:
5+2=

News Features Interviews
BlogContact Editorials


WAP site - RSS feed
© OSNews LLC 1997-2007. All Rights Reserved.
The readers' comments are owned and a responsibility of whoever posted them.
Prefer the desktop version of OSNews?