Google’s Project Zero has published three zero-day exploits for Apple’s OS X, with enough information for experienced hackers to use in an attack. The information was not released out of malice, as Google had originally alerted Apple to these issues three months ago.
Project Zero actively looks for exploits across the internet, and alerts developers about any possible issues. The team also waits 90-days before releasing the same information to the public. This isn’t the first time that Google has ended up revealing operating system vulnerabilities before the developers can issue fixes. Several problems with Windows were also published before Microsoft could issue a software patch.
While these vulnerabilities in OS X are critical, and require physical access to the computer in order to do any real damage. However, the worry is that they may be combined with other exploits to gain control over vulnerable Macs.
That being said, Apple may have already patched the problems without telling anyone. The company does not usually release patch information to the public. As Macs also update in the background without requiring any prompting, it is difficult to say if the problems still exist.
[Source: Ars Technica]