Google outs three Apple zero-day vulnerabilities

Google's vulnerability research team Project Zero has disclosed three zero-day flaws on Apple's OS X platform, hot on the heels of similar disclosures for Microsoft's operating system.

Earlier this month the Google researchers published details of a zero-day vulnerability in Microsoft's Windows 8.1 platform that they had discovered three months earlier, a controversial policy that has raised the ire of security researchers.

Independent researcher Graham Cluley, formerly of security vendor Sophos, condemned Google's publication of the zero-day exploits as schoolboy antics.

"Isn’t it about time they grew up, and acted responsibly for the safety of internet users?" Cluley wrote, adding that Google's own Android operating system had several unpatched flaws.

Over the past two days, Project Zero has published details of three OS X vulnerabilities the team rated as high severity.

The researchers said the three flaws all require an attacker to have some level of access to a target machine. 

But the team warned that combined with a separate attack, the vulnerabilities could be exploited to elevate privileges and gain system-wide access on vulnerable Macs.

Google said the vulnerabilities - for which it has provided proof-of-concept exploit code - had been reported to Apple at the end of October last year, as per Project Zero's three-month timeline for reporting of vulnerabilities.

The first flaw allows an attacker to pass arbitrary commands to the networkd OS X system daemon because it does not check its input properly. The severity of the flaw is exacerbated because networkd runs as a privileged account and therefore has system-wide access.

The second and third flaws both relate to OS X's low-level I/OKit kernel framework.

One gives local users who can execute code on an OS X machine root or superuser access through null pointer dereferencing, allowing privilege escalation.

Another gives an attacker the ability to write into kernel memory, potentially allowing them to crash systems or access private data.

Apple declined to comment. A spokesperson directed iTnews to a page on the company's website which states Apple does not "disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available".