2.4: news.cyb/sec/Google`Project Zero on #Apple:
. Google's Project Zero finds flaws in software;
and gives a 90-day warning before releasing details
including proof-of-concept code .
Google disclosed three vulnerabilities in OS X;
which were left unpatched because
they "seem to require an attacker to have
physical access to a vulnerable Mac" .
."wouldn't it have been sufficient to
demonstrate the vulnerabilities to
members of the computer security press
rather than making the code public?"
-- but the code is already public:
if Google's small team could find the flaws,
the criminals and NSA have already found them .
googleprojectzero October 1, 2014:
Ian Beer`More Mac OS X and iPhone sandbox escapes and kernel bugs
. A couple of weeks ago [in 2014.9]
Apple released OS X 10.9.5 and iOS 8
which fixed a number of sandbox escapes
and privilege escalation bugs found by Project Zero.
All bar one of these bugs were found via
manual source code auditing where there was source
and binary analysis where there wasn’t.
As always, click through the bugs for
proof-of-concept code and further details:
( google-security-research posts: ...
. some bugs exceeded Project Zero’s
standard 90-day disclosure deadline.
. some bugs were only fixed on iOS
and remain unpatched on OS X ).
. Finding and eliminating sandbox escapes
is an important focus for Project Zero.
The attack surface to break out of a sandbox
is often smaller than the attack surface available to
gain an initial foothold inside a sandbox.
Therefore, strengthening sandboxes represents
a solid return on investment of time.
. their research seems to indicate that
sandbox break-outs on OS X and iOS
are an under-researched topic.
. You can keep up-to-date with the latest
Project Zero research
by subscribing to labels in their bug tracker .