OS X Zero-Day Vulnerabilities
Google's Project Zero vulnerability research program does not only research Windows vulnerabilities. It has also revealed the existence of three new zero-day vulnerabilities on the Mac platform.
An experienced hacker with this information could have exploited these bugs. Project Zero published the details of these exploits after alerting Apple to the issues.
- "OS X networkd 'effective_audit_token' XPC type confusion sandbox escape" allows an attacker to pass arbitrary commands to the networkd OS X system daemon because it does not check its input properly.
- "OS X IOKit kernel code execution due to NULL pointer dereference in Intel Accelerator" gives local users who can execute code on an OS X machine root (superuser) access through a NULL pointer dereference, allowing privilege escalation.
- "OS X IOKit kernel memory corruption due to bad bzero in IOBluetoothDevice" gives an attacker the ability to write into kernel memory, potentially allowing them to crash systems or access private data.
All of these exploits require physical access to the targeted computer in order to cause any real damage. However, the main concern is that the exploits could be combined with a separate exploit to elevate lower-level privileges and gain control over vulnerable Macs.
Google provided a proof of concept for all three flaws.
Google reported the flaws to Apple on October 20, October 21, and October 23, 2014. After the 90-day disclosure period expired, the company published all of the bugs.