Two of the OS X security flaws brought to light earlier this week by Google’s Project Zero security team will be fixed in the upcoming OS X 10.10.2 update, and another has already been patched.
Project Zero works to discover security vulnerabilities in various operating systems and software, giving their owners 90 days' notice to patch the issues before publishing its findings publicly. In its examination of Apple’s OS X, the team discovered problems involving memory corruption, kernel code execution, and a sandbox escape.
Ars Technica notes:
“At first glance, none of them appear to be highly critical, since all three appear to require the attacker to already have some access to a targeted machine. […]
“Still, the exploits could be combined with a separate attack to elevate lower-level privileges and gain control over vulnerable Macs. And since the disclosures contain proof-of-concept exploit code, they provide enough technical detail for experienced hackers to write malicious attacks that target the previously unknown vulnerabilities.”
The 90-day deadline hit this week, so the group began posting its findings online. Google reported that while one vulnerability had been fixed, two remained unaddressed. However, reports from such publications as iMore indicate Apple’s still-under-testing OS X 10.10.2 update does include fixes for the holes.