Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Three OS X Vulnerabilities Disclosed by Google

The details of three high-severity vulnerabilities affecting Apple’s OS X operating system have been disclosed over the past two days by Google.

Vulnerability reports containing details and proof-of-concept code were created by Ian Beer, a member of Google’s Project Zero initiative.

The details of three high-severity vulnerabilities affecting Apple’s OS X operating system have been disclosed over the past two days by Google.

Vulnerability reports containing details and proof-of-concept code were created by Ian Beer, a member of Google’s Project Zero initiative.

The security holes were reported to Apple on October 20, October 21, and October 23. Their details were made public this week after the 90-day disclosure deadline given by Project Zero to vendors expired.

One of the flaws has been described as an “OS X networkd ‘effective_audit_token’ XPC type confusion sandbox escape.” The issue was successfully tested on OS X Mavericks 10.9.5, but it might have been fixed in OS X Yosemite 10.10.

“networkd is the system daemon which implements the com.apple.networkd XPC service. It’s unsandboxed but runs as its own user. com.apple.networkd is reachable from many sandboxes including the Safari WebProcess and ntpd (plus all those which allow system-network),” reads Google’s advisory for the bug. “networkd parses quite complicated XPC messages and there are many cases where xpc_dictionary_get_value and xpc_array_get_value are used without subsequent checking of the type of the returned value.”

The second issue is an IOKit kernel code execution vulnerability caused by “NULL pointer dereference in IntelAccelerator.” While initially Beer believed this flaw might have been fixed in OS X Yosemite, he later clarified that the bug exists even in version 10.10.

Advertisement. Scroll to continue reading.

The third vulnerability disclosed by Google this week is an IOKit kernel memory corruption bug. The flaw involves the IOBluetoothDevice class and it can only be exploited if a Bluetooth device is connected to the targeted computer. Beer said he tested the exploit with an Apple Bluetooth keyboard.

SecurityWeek has reached out to Apple to see if the company can clarify the status of these vulnerabilities.

It’s worth noting that Beer has found many vulnerabilities in Apple’s OS X over the past months. For example, when the company released OS X Yosemite 10.10, the Google researcher was credited for identifying three flaws. When the OS X Mavericks v10.9.4 update was released, Beer was credited for a total of nine issues.

In the past weeks, Google’s Project Zero disclosed several vulnerabilities affecting Windows 8.1 and other versions of Microsoft’s operating system. Microsoft accused Google of putting users at risk with its strict disclosure deadline, especially since one of the flaws was published just two days before it was patched.

For the time being, Google believes 90 days is more than enough time for a vendor to fix a security hole, so the company is sticking to its policy.

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.