Having made public three Windows issues (as reported by Arstechnica), Google turns its guns on Apple with three OS X issues. Specifically:
- OS X IOKit kernel memory corruption due to bad bzero in IOBluetoothDevice
- OS X networkd “effective_audit_token” XPC type confusion sandbox escape (with exploit)
- OS X IOKit kernel code execution due to NULL pointer dereference in IntelAccelerator
Don’t panic, though: an attacker would have to have direct access to the system to take advantage of the breaches. What’s more, the second issue may already have been addressed in Yosemite. (Unconfirmed.)
This article also refers.
David Harley
Small Blue-Green World
Leave a Reply