Google discloses three OS X 0-days
In the past few days, Google has released information about and proof-of-concept exploit code for three separate zero-day vulnerabilities affecting Apple’s OS X operating system.
Privately disclosed to Apple on October 20, 21 and 23, the documents detailing the flaws became automatically public after the usual 90 days that Google’s Project Zero vulnerability research program gives to vendors to fix the flaw before it releases the information.
Apple has yet to comment this situation, but the company is known for not discussing or confirming security issues until they can issue patches or updates to fix them.
The three vulnerabilities are not critical, as they require the attacker to have access to the targeted Mac machine.
The public revelation of these flaws comes a week after Microsoft has publicly criticized Google for not being flexible with the disclosure deadline and for disclosing several critical Windows flaws that Microsoft hasn’t been able to patch in the aforementioned grace period of 90 days.